From e9db898151b810cce5aee7cb7682e279059c4457 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 14 Sep 2012 09:28:06 -0700
Subject: [PATCH 01/50] docs: Update docs to the modern age of Samba 4.0

This removes references to security=share, security=server and other outdated things.

It also updates to a world where encrypted passwords are the norm.

Andrew Bartlett
---
 docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml  |   40 ++---
 docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml |  242 +-------------------------
 2 files changed, 15 insertions(+), 267 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml
index 951c879..5ea2db2 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml
@@ -130,9 +130,9 @@ configuration file is faulty.
 
 <note><para>
 <indexterm><primary>/etc/samba</primary></indexterm>
-<indexterm><primary>/usr/local/samba/lib</primary></indexterm>
+<indexterm><primary>/usr/local/samba/etc</primary></indexterm>
 Your &smb.conf; file may be located in <filename>/etc/samba</filename>
-or in <filename>/usr/local/samba/lib</filename>.
+or in <filename>/usr/local/samba/etc</filename>.
 </para></note>
 </step>
 
@@ -431,8 +431,9 @@ If it says <quote><errorname>bad password,</errorname></quote> then the likely c
 <orderedlist>
 <listitem>
 	<para>
-	You have shadow passwords (or some other password system) but didn't
-	compile in support for them in &smbd;.
+	Password encryption is enabled by default, but you have not
+	yet set a password for your samba user. Run
+	<command>smbpasswd -a username</command>
 	</para>
 </listitem>
 
@@ -444,7 +445,8 @@ If it says <quote><errorname>bad password,</errorname></quote> then the likely c
 
 <listitem>
 	<para>
-	You have a mixed-case password and you haven't enabled the <smbconfoption name="password level"/> option at a high enough level.
+	You have explicitly disabled encrypted passwords with
+	<smbconfoption name="encrypt passwords">no</smbconfoption> have a mixed-case password and you haven't enabled the <smbconfoption name="password level"/> option at a high enough level.
 	</para>
 </listitem>
 
@@ -454,12 +456,6 @@ If it says <quote><errorname>bad password,</errorname></quote> then the likely c
 	</para>
 </listitem>
 
-<listitem>
-	<para>
-	You enabled password encryption but didn't map UNIX to Samba users. Run
-	<command>smbpasswd -a username</command>
-	</para>
-</listitem>
 </orderedlist>
 
 <para>
@@ -544,17 +540,7 @@ and other config lines in &smb.conf; are correct.
 </para>
 
 <para>
-It's also possible that the server can't work out what username to connect you as.
-To see if this is the problem, add the line
-<smbconfoption name="user">username</smbconfoption> to the
-<smbconfsection name="[tmp]"/> section of 
-&smb.conf; where <parameter>username</parameter> is the
-username corresponding to the password you typed. If you find this
-fixes things, you may need the username mapping option. 
-</para>
-
-<para>
-It might also be the case that your client only sends encrypted passwords 
+By default, most clients only sends encrypted passwords 
 and you have <smbconfoption name="encrypt passwords">no</smbconfoption> in &smb.conf;.
 Change this setting to `yes' to fix this.
 </para>
@@ -587,13 +573,9 @@ From file manager, try to browse the server. Your Samba server should
 appear in the browse list of your local workgroup (or the one you
 specified in &smb.conf;). You should be able to double-click on the name
 of the server and get a list of shares. If you get the error message <quote>invalid password,</quote>
- you are probably running Windows NT and it
-is refusing to browse a server that has no encrypted password
-capability and is in user-level security mode. In this case, either set
-<smbconfoption name="security">server</smbconfoption> and 
-<smbconfoption name="password server">Windows_NT_Machine</smbconfoption> in your
-&smb.conf; file or make sure <smbconfoption name="encrypt passwords"/> is
-set to <quote>yes</quote>.
+your client may be refusing to browse a server that has no encrypted password
+capability. In this case make sure <smbconfoption name="encrypt passwords"/> is
+set to <quote>yes</quote> and repeat the steps in this gude.
 </para>
 
 </step>
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml b/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml
index 0b90c92..cb92766 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml
@@ -177,24 +177,10 @@ protocol. Since some time around 1996 the protocol has been better known as the
 <indexterm><primary>security levels</primary></indexterm>
 <indexterm><primary>security modes</primary></indexterm>
 <indexterm><primary>user-level</primary></indexterm>
-<indexterm><primary>share-level</primary></indexterm>
-In the SMB/CIFS networking world, there are only two types of security: <emphasis>user-level</emphasis> and
-<emphasis>share level</emphasis>. We refer to these collectively as <emphasis>security levels</emphasis>.  In
-implementing these two security levels, Samba provides flexibilities that are not available with MS Windows
-NT4/200x servers. In fact, Samba implements <emphasis>share-level</emphasis> security only one way, but has
-four ways of implementing <emphasis>user-level</emphasis> security. Collectively, we call the Samba
+Samba has three ways of implementing <emphasis>user-level</emphasis> security. Collectively, we call the Samba
 implementations of the security levels <emphasis>security modes</emphasis>. They are known as
-<emphasis>share</emphasis>, <emphasis>user</emphasis>, <emphasis>domain</emphasis>, <emphasis>ADS</emphasis>,
-and <emphasis>server</emphasis> modes.  They are documented in this chapter.
-</para>
-
-<para>
-An SMB server informs the client, at the time of a session setup, the security level the server is running.
-There are two options: share-level and user-level. Which of these two the client receives affects the way the
-client then tries to authenticate itself. It does not directly affect (to any great extent) the way the Samba
-server does security. This may sound strange, but it fits in with the client/server approach of SMB.  In SMB
-everything is initiated and controlled by the client, and the server can only tell the client what is
-available and whether an action is allowed.
+<emphasis>user</emphasis>, <emphasis>domain</emphasis> and
+<emphasis>ADS</emphasis> modes.  They are documented in this chapter.
 </para>
 
 <para>
@@ -268,71 +254,6 @@ This is the default setting since Samba-2.2.x.
 
 </sect2>
 <sect2>
-<title>Share-Level Security</title>
-
-<para>
-<indexterm><primary>share-level</primary></indexterm>
-<indexterm><primary>mount</primary></indexterm>
-In share-level security, the client authenticates itself separately for each share. It sends a password along
-with each tree connection request (share mount), but it does not explicitly send a username with this
-operation. The client expects a password to be associated with each share, independent of the user. This means
-that Samba has to work out what username the client probably wants to use,
-because the username is not explicitly sent to the SMB server. Some commercial SMB servers such as NT actually associate passwords directly with shares
-in share-level security, but Samba always uses the UNIX authentication scheme where it is a username/password
-pair that is authenticated, not a share/password pair.
-</para>
-
-<para>
-To understand the MS Windows networking parallels, think in terms of MS Windows 9x/Me where you can create a
-shared folder that provides read-only or full access, with or without a password.
-</para>
-
-<para>
-Many clients send a session setup request even if the server is in share-level security. They normally send a valid
-username but no password. Samba records this username in a list of possible usernames. When the client then
-issues a tree connection request, it also adds to this list the name of the share they try to connect to (useful for
-home directories) and any users listed in the <smbconfoption name="user"/> parameter in the &smb.conf; file.
-The password is then checked in turn against these possible usernames. If a match is found, then the client is
-authenticated as that user.
-</para>
-
-<para>
-<indexterm><primary>name service switch</primary><see>NSS</see></indexterm>
-<indexterm><primary>/etc/passwd</primary></indexterm>
-<indexterm><primary>nsswitch.conf</primary></indexterm>
-Where the list of possible user names is not provided, Samba makes a UNIX system call to find the user
-account that has a password that matches the one provided from the standard account database. On a system that
-has no name service switch (NSS) facility, such lookups will be from the <filename>/etc/passwd</filename>
-database. On NSS enabled systems, the lookup will go to the libraries that have been specified in the
-<filename>nsswitch.conf</filename> file. The entries in that file in which the libraries are specified are:
-<screen>
-passwd: files nis ldap
-shadow: files nis ldap
-group: files nis ldap
-</screen>
-<indexterm><primary>/etc/passwd</primary></indexterm>
-<indexterm><primary>/etc/group</primary></indexterm>
-<indexterm><primary>NIS</primary></indexterm>
-In the example shown here (not likely to be used in practice) the lookup will check
-<filename>/etc/passwd</filename> and <filename>/etc/group</filename>, if not found it will check NIS, then
-LDAP.
-</para>
-
-<sect3>
-<title>Example Configuration</title>
-
-<para>
-The &smb.conf; parameter that sets share-level security is:
-</para>
-
-<para><smbconfblock>
-<smbconfoption name="security">share</smbconfoption>
-</smbconfblock></para>
-
-</sect3>
-</sect2>
-
-<sect2>
 <title>Domain Security Mode (User-Level Security)</title>
 
 <para>
@@ -418,32 +339,12 @@ security domain. This is done as follows:
 
 
 <procedure>
-        <step><para>On the MS Windows NT domain controller, using
-        the Server Manager, add a machine account for the Samba server.
-        </para></step>
-
         <step><para>On the UNIX/Linux system execute:</para>
 	
 			<para><screen>&rootprompt;<userinput>net rpc join -U administrator%password</userinput></screen></para>
 		</step>
 </procedure>
 
-<note><para>
-<indexterm><primary>smbpasswd</primary></indexterm>
-Samba-2.2.4 and later Samba 2.2.x series releases can autojoin a Windows NT4-style domain just by executing:
-<screen>
-&rootprompt;<userinput>smbpasswd -j <replaceable>DOMAIN_NAME</replaceable> -r <replaceable>PDC_NAME</replaceable> \
-	 -U Administrator%<replaceable>password</replaceable></userinput>
-</screen>
-<indexterm><primary>net</primary><secondary>rpc</secondary><tertiary>join</tertiary></indexterm>
-Samba-3 can do the same by executing:
-<screen>
-&rootprompt;<userinput>net rpc join -U Administrator%<replaceable>password</replaceable></userinput>
-</screen>
-It is not necessary with Samba-3 to specify the <replaceable>DOMAIN_NAME</replaceable> or the
-<replaceable>PDC_NAME</replaceable>, as it figures this out from the &smb.conf; file settings.
-</para></note>
-
 <para>
 <indexterm><primary>invalid shell</primary></indexterm>
 <indexterm><primary>/etc/passwd</primary></indexterm>
@@ -481,7 +382,7 @@ For more information regarding domain membership, <link linkend="domain-member">
 <para>
 <indexterm><primary>ADS</primary></indexterm>
 <indexterm><primary>native mode</primary></indexterm>
-Both Samba-2.2, and Samba-3 can join an Active Directory domain using NT4 style RPC based security.  This is
+Samba can join an Active Directory domain using NT4 style RPC based security.  This is
 possible if the domain is run in native mode. Active Directory in native mode perfectly allows NT4-style
 domain members. This is contrary to popular belief.
 </para>
@@ -527,103 +428,6 @@ ADS Domain Membership</link> for more information regarding this configuration o
 </sect3>
 </sect2>
 
-<sect2>
-<title>Server Security (User Level Security)</title>
-
-<para>
-Server security mode is left over from the time when Samba was not capable of acting
-as a domain member server. It is highly recommended not to use this feature. Server
-security mode has many drawbacks that include:
-</para>
-
-<itemizedlist>
-	<listitem><para>Potential account lockout on MS Windows NT4/200x password servers.</para></listitem>
-	<listitem><para>Lack of assurance that the password server is the one specified.</para></listitem>
-	<listitem><para>Does not work with Winbind, which is particularly needed when storing profiles remotely.</para></listitem>
-	<listitem><para>This mode may open connections to the password server and keep them open for extended periods.</para></listitem>
-	<listitem><para>Security on the Samba server breaks badly when the remote password server suddenly shuts down.</para></listitem>
-	<listitem><para>With this mode there is NO security account in the domain that the password server belongs to for the Samba server.</para></listitem>
-</itemizedlist>
-
-<para>
-<indexterm><primary>session setup</primary></indexterm>
-<indexterm><primary>SMB</primary></indexterm>
-In server security mode the Samba server reports to the client that it is in user-level security. The client
-then does a session setup as described earlier.  The Samba server takes the username/password that the client
-sends and attempts to log into the <smbconfoption name="password server"/> by sending exactly the same
-username/password that it got from the client. If that server is in user-level security and accepts the
-password, then Samba accepts the client's connection. This parameter allows the Samba server to use another
-SMB server as the <smbconfoption name="password server"/>.
-</para>
-
-<para>
-<indexterm><primary>security level</primary></indexterm>
-<indexterm><primary>encryption</primary></indexterm>
-You should also note that at the start of all this, when the server tells the client
-what security level it is in, it also tells the client if it supports encryption. If it
-does, it supplies the client with a random cryptkey. The client will then send all
-passwords in encrypted form. Samba supports this type of encryption by default.
-</para>
-
-<para>
-The parameter <smbconfoption name="security">server</smbconfoption> means that Samba reports to clients that
-it is running in <emphasis>user mode</emphasis> but actually passes off all authentication requests to another
-user mode server. This requires an additional parameter <smbconfoption name="password server"/> that points to
-the real authentication server.  The real authentication server can be another Samba server, or it can be a
-Windows NT server, the latter being natively capable of encrypted password support.
-</para>
-
-<note><para>
-<indexterm><primary>password server</primary></indexterm>
-<indexterm><primary>workgroup</primary></indexterm>
-When Samba is running in <emphasis>server security mode</emphasis>, it is essential that the parameter
-<emphasis>password server</emphasis> is set to the precise NetBIOS machine name of the target authentication
-server. Samba cannot determine this from NetBIOS name lookups because the choice of the target authentication
-server is arbitrary and cannot be determined from a domain name. In essence, a Samba server that is in
-<emphasis>server security mode</emphasis> is operating in what used to be known as workgroup mode.
-</para></note>
-
-<sect3>
-<title>Example Configuration</title>
-<para><emphasis>
-Using MS Windows NT as an Authentication Server
-</emphasis></para>
-
-<para>
-This method involves the additions of the following parameters in the &smb.conf; file:
-</para>
-
-<para><smbconfblock>
-<smbconfoption name="encrypt passwords">Yes</smbconfoption>
-<smbconfoption name="security">server</smbconfoption>
-<smbconfoption name="password server">"NetBIOS_name_of_a_DC"</smbconfoption>
-</smbconfblock></para>
-
-
-<para>
-There are two ways of identifying whether or not a username and password pair is valid.
-One uses the reply information provided as part of the authentication messaging
-process, the other uses just an error code.
-</para>
-
-<para>
-<indexterm><primary>bogus</primary></indexterm>
-<indexterm><primary>lockout</primary></indexterm>
-The downside of this mode of configuration is that for security reasons Samba
-will send the password server a bogus username and a bogus password, and if the remote
-server fails to reject the bogus username and password pair, then an alternative mode of
-identification or validation is used. Where a site uses password lockout, after a
-certain number of failed authentication attempts, this will result in user lockouts.
-</para>
-
-<para>
-Use of this mode of authentication requires a standard UNIX account for the user.
-This account can be blocked to prevent logons by non-SMB/CIFS clients.
-</para>
-
-</sect3>
-</sect2>
-
 </sect1>
 
 <sect1>
@@ -738,24 +542,6 @@ to those for whom English is not their native tongue.
 </para>
 
 <sect2>
-<title>What Makes Samba a Server?</title>
-
-<para>
-To some, the nature of the Samba security mode is obvious, but entirely
-wrong all the same. It is assumed that <smbconfoption name="security">server</smbconfoption> means that Samba
-will act as a server. Not so! This setting means that Samba will <emphasis>try</emphasis>
-to use another SMB server as its source for user authentication alone.
-</para>
-
-<para>
-Samba is a server regardless of which security mode is chosen. When Samba is used outside of a domain security
-context, it is best to leave the security mode at the default setting. By default Samba-3 uses user-mode
-security.
-</para>
-
-</sect2>
-
-<sect2>
 <title>What Makes Samba a Domain Controller?</title>
 
 <para>
@@ -778,26 +564,6 @@ makes Samba act as a domain member. Read the manufacturer's manual before the wa
 
 </sect2>
 
-
-<sect2>
-<title>Constantly Losing Connections to Password Server</title>
-
-<para><quote>
-Why does server_validate() simply give up rather than re-establish its connection to the
-password server?  Though I am not fluent in the SMB protocol, perhaps the cluster server
-process passes along to its client workstation the session key it receives from the password
-server, which means the password hashes submitted by the client would not work on a subsequent
-connection whose session key would be different. So server_validate() must give up.
-</quote></para>
-
-<para>
-Indeed. That's why <smbconfoption name="security">server</smbconfoption>
-is at best a nasty hack. Please use <smbconfoption name="security">domain</smbconfoption>;
-<smbconfoption name="security">server</smbconfoption> mode is also known as pass-through authentication.
-</para>
-
-</sect2>
-
 <sect2>
 <title>Stand-alone Server is converted to Domain Controller &smbmdash; Now User accounts don't work</title>
 
-- 
1.7.9.5


From 15f44e59dc9b9b40e64b6055c50cd58c90a53f34 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 14 Sep 2012 09:29:51 -0700
Subject: [PATCH 02/50] docs: Remove distinction between server and domain
 accounts

Accounts on a server become accounts on the DC when upgraded.  If they do not
then this is simply a bug (in say tdbsam), not a feature to be documented.

Andrew Bartlett
---
 docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml |   30 --------------------------
 1 file changed, 30 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml b/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml
index cb92766..f0c07d2 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml
@@ -564,36 +564,6 @@ makes Samba act as a domain member. Read the manufacturer's manual before the wa
 
 </sect2>
 
-<sect2>
-<title>Stand-alone Server is converted to Domain Controller &smbmdash; Now User accounts don't work</title>
-
-<para><quote>
-When I try to log in to the DOMAIN, the eventlog shows <emphasis>tried credentials DOMAIN/username; effective
-credentials SERVER/username</emphasis>
-</quote></para>
-
-<para>
-Usually this is due to a user or machine account being created before the Samba server is configured to be a
-domain controller. Accounts created before the server becomes a domain controller will be
-<emphasis>local</emphasis> accounts and authenticated as what looks like a member in the SERVER domain, much
-like local user accounts in Windows 2000 and later.  Accounts created after the Samba server becomes a domain
-controller will be <emphasis>domain</emphasis> accounts and will be authenticated as a member of the DOMAIN
-domain.
-</para>
-
-<para>
-This can be verified by issuing the command <command>pdbedit -L -v username</command>.  If this reports DOMAIN
-then the account is a domain account, if it reports SERVER then the account is a local account.
-</para>
-
-<para>
-The easiest way to resolve this is to remove and recreate the account; however this may cause problems with
-established user profiles. You can also use <command>pdbedit -u username -I DOMAIN</command>. You may also
-need to change the User SID and Primary Group SID to match the domain.
-</para>
-
-</sect2>
-
 </sect1>
 
 </chapter>
-- 
1.7.9.5


From 49becb60316e1adb945d17f5c157a91fd6afd857 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 14 Sep 2012 11:57:05 -0700
Subject: [PATCH 03/50] docs: remove references to security=server

---
 docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml |   66 ------------------------
 1 file changed, 66 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml
index d017863..53b7d1a 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml
@@ -797,72 +797,6 @@ but in most cases the following will suffice:
 
 </sect2>
 
-<sect2>
-<title>Why Is This Better Than <parameter>security = server</parameter>?</title>
-
-<para>
-<indexterm><primary>domain security</primary></indexterm>
-<indexterm><primary>UNIX users</primary></indexterm>
-<indexterm><primary>authentication</primary></indexterm>
-Currently, domain security in Samba does not free you from having to create local UNIX users to represent the
-users attaching to your server. This means that if domain user <constant>DOM\fred</constant> attaches to your
-domain security Samba server, there needs to be a local UNIX user fred to represent that user in the UNIX file
-system. This is similar to the older Samba security mode <smbconfoption
-name="security">server</smbconfoption>, where Samba would pass through the authentication request to a Windows
-NT server in the same way as a Windows 95 or Windows 98 server would.
-</para>
-
-<para>
-<indexterm><primary>winbind</primary></indexterm>
-<indexterm><primary>UID</primary></indexterm>
-<indexterm><primary>GID</primary></indexterm>
-Please refer to <link linkend="winbind">Winbind: Use of Domain Accounts</link>, for information on a system
-to automatically assign UNIX UIDs and GIDs to Windows NT domain users and groups.
-</para>
-
-<para>
-<indexterm><primary>domain-level</primary></indexterm>
-<indexterm><primary>authentication</primary></indexterm>
-<indexterm><primary>RPC</primary></indexterm>
-The advantage of domain-level security is that the authentication in domain-level security is passed down the
-authenticated RPC channel in exactly the same way that an NT server would do it. This means Samba servers now
-participate in domain trust relationships in exactly the same way NT servers do (i.e., you can add Samba
-servers into a resource domain and have the authentication passed on from a resource domain PDC to an account
-domain PDC).
-</para>
-
-<para>
-<indexterm><primary>PDC</primary></indexterm>
-<indexterm><primary>BDC</primary></indexterm>
-<indexterm><primary>connection resources</primary></indexterm>
-In addition, with <smbconfoption name="security">server</smbconfoption>, every Samba daemon on a server has to
-keep a connection open to the authenticating server for as long as that daemon lasts. This can drain the
-connection resources on a Microsoft NT server and cause it to run out of available connections. With
-<smbconfoption name="security">domain</smbconfoption>, however, the Samba daemons connect to the PDC or BDC
-only for as long as is necessary to authenticate the user and then drop the connection, thus conserving PDC
-connection resources.
-</para>
-
-<para>
-<indexterm><primary>PDC</primary></indexterm>
-<indexterm><primary>authentication reply</primary></indexterm>
-<indexterm><primary>SID</primary></indexterm>
-<indexterm><primary>NT groups</primary></indexterm>
-Finally, acting in the same manner as an NT server authenticating to a PDC means that as part of the
-authentication reply, the Samba server gets the user identification information such as the user SID, the list
-of NT groups the user belongs to, and so on.
-</para>
-
-<note>
-<para>
-Much of the text of this document was first published in the Web magazine 
-<ulink url="http://www.linuxworld.com"><emphasis>LinuxWorld</emphasis></ulink> as the article <ulink
-url="http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html"/>
-<emphasis>Doing the NIS/NT Samba</emphasis>.
-</para>
-</note>
-
-</sect2>
 </sect1>
 
 <sect1 id="ads-member">
-- 
1.7.9.5


From e0d67aba5bf698c1782124272c684882795934da Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 14 Sep 2012 11:57:38 -0700
Subject: [PATCH 04/50] docs: update for modern kerberos libs

---
 docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml |   52 +-----------------------
 1 file changed, 2 insertions(+), 50 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml
index 53b7d1a..fb81ac0 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml
@@ -913,11 +913,7 @@ When manually configuring <filename>krb5.conf</filename>, the minimal configurat
 <screen>
 [libdefaults]
 	default_realm = YOUR.KERBEROS.REALM
-
-[realms]
-	YOUR.KERBEROS.REALM = {
-	kdc = your.kerberos.server
-	}
+	dns_lookup_kdc = true
 
 [domain_realms]
 	.kerberos.server = YOUR.KERBEROS.REALM
@@ -925,13 +921,10 @@ When manually configuring <filename>krb5.conf</filename>, the minimal configurat
 </para>
 
 <para>
-<indexterm><primary>Heimdal</primary></indexterm>
-When using Heimdal versions before 0.6, use the following configuration settings:
+If you must specify the KDC directly, the minimal configuration is:
 <screen>
 [libdefaults]
 	default_realm      = YOUR.KERBEROS.REALM
-	default_etypes     = des-cbc-crc des-cbc-md5
-	default_etypes_des = des-cbc-crc des-cbc-md5
 
 [realms]
         YOUR.KERBEROS.REALM = {
@@ -951,19 +944,6 @@ Test your config by doing a <userinput>kinit
 making sure that your password is accepted by the Win2000 KDC.
 </para>
 
-<para>
-<indexterm><primary>Heimdal</primary></indexterm>
-<indexterm><primary>ADS</primary></indexterm>
-<indexterm><primary>KDC</primary></indexterm>
-<indexterm><primary>Windows 2003</primary></indexterm>
-With Heimdal versions earlier than 0.6.x you can use only newly created accounts
-in ADS or accounts that have had the password changed once after migration, or
-in case of <constant>Administrator</constant> after installation. At the
-moment, a Windows 2003 KDC can only be used with Heimdal releases later than 0.6
-(and no default etypes in krb5.conf). Unfortunately, this whole area is still
-in a state of flux.
-</para>
-
 <note><para>
 <indexterm><primary>realm</primary></indexterm>
 <indexterm><primary>uppercase</primary></indexterm>
@@ -989,25 +969,6 @@ Clock skew limits are configurable in the Kerberos protocols. The default settin
 </para>
 
 <para>
-<indexterm><primary>DNS</primary></indexterm>
-<indexterm><primary>KDC</primary></indexterm>
-<indexterm><primary>hostname</primary></indexterm>
-<indexterm><primary>realm</primary></indexterm>
-You also must ensure that you can do a reverse DNS lookup on the IP address of your KDC. Also, the name that
-this reverse lookup maps to must either be the NetBIOS name of the KDC (i.e., the hostname with no domain
-attached) or it can be the NetBIOS name followed by the realm.
-</para>
-
-<para>
-<indexterm><primary>/etc/hosts</primary></indexterm>
-<indexterm><primary>KDC</primary></indexterm>
-<indexterm><primary>realm</primary></indexterm>
-The easiest way to ensure you get this right is to add a <filename>/etc/hosts</filename> entry mapping the IP
-address of your KDC to its NetBIOS name. If you do not get this correct, then you will get a <errorname>local
-error</errorname> when you try to join the realm.
-</para>
-
-<para>
 <indexterm><primary>Kerberos</primary></indexterm>
 <indexterm><primary>Create the Computer Account</primary></indexterm>
 <indexterm><primary>Testing Server Setup</primary></indexterm>
@@ -1094,15 +1055,6 @@ name, it may need to be quadrupled to pass through the shell escape and ldap esc
 	<replaceable>USERNAME</replaceable>@<replaceable>REALM</replaceable></userinput>.
 	<replaceable>USERNAME</replaceable> must be a user who has rights to add a machine to the domain.
 	</para></listitem></varlistentry>
-
-	<varlistentry><term>Unsupported encryption/or checksum types</term>
-	<listitem><para>
-	<indexterm><primary>/etc/krb5.conf</primary></indexterm>
-	<indexterm><primary>unsupported encryption</primary></indexterm>
-	<indexterm><primary>Kerberos</primary></indexterm>
-	Make sure that the <filename>/etc/krb5.conf</filename> is correctly configured
-	for the type and version of Kerberos installed on the system.
-	</para></listitem></varlistentry>
 </variablelist>
 </para>
 
-- 
1.7.9.5


From a5096b1f6d6aa9a05ec44587a7b4cd20579ef6da Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 14 Sep 2012 12:04:00 -0700
Subject: [PATCH 05/50] docs: Remove confusing reference to smb signing and
 client use spnego

This section is more confusing than helpful, as client support for both is on by default.

Andrew Bartlett
---
 docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml |   19 -------------------
 1 file changed, 19 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml
index fb81ac0..5cb2a43 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml
@@ -1286,24 +1286,5 @@ account to which the Samba backend database account can be mapped.
 </para>
 
 </sect2>
-
-<sect2>
-	<title>I Can't Join a Windows 2003 PDC</title>
-
-	<para>
-<indexterm><primary>SMB signing</primary></indexterm>
-<indexterm><primary>SMB</primary></indexterm>
-<indexterm><primary>Windows 2003</primary></indexterm>
-<indexterm><primary>SMB/CIFS</primary></indexterm>
-	Windows 2003 requires SMB signing. Client-side SMB signing has been implemented in Samba-3.0.
-	Set <smbconfoption name="client use spnego">yes</smbconfoption> when communicating 
-	with a Windows 2003 server. This will not interfere with other Windows clients that do not
-	support the more advanced security features of Windows 2003 because the client will simply
-	negotiate a protocol that both it and the server suppport. This is a well-known fall-back facility
-	that is built into the SMB/CIFS protocols.
-	</para>
-
-</sect2>
-
 </sect1>
 </chapter>
-- 
1.7.9.5


From ec069b86f913cf5ad7ed3fc07bf22f7a93f5ffd4 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 14 Sep 2012 12:06:40 -0700
Subject: [PATCH 06/50] docs: Remove references to old kerberos behaviour

I have not seen any issues using the SRV records with windows, and this certainly
does not apply to current versions.  Similarly, the need to change the admin password
does not apply now we require a krb5 lib with arcfour-hmac-md5 support.

Andrew Bartlett
---
 docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml |   21 ---------------------
 1 file changed, 21 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml
index 5cb2a43..11f79f7 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml
@@ -1106,27 +1106,6 @@ specify the <option>-k</option> option to choose Kerberos authentication.
 </para>
 
 </sect2>
-
-<sect2>
-<title>Notes</title>
-
-<para>
-<indexterm><primary>administrator password</primary></indexterm>
-<indexterm><primary>change password</primary></indexterm>
-<indexterm><primary>encryption types</primary></indexterm>
-You must change the administrator password at least once after installing a domain controller, 
-to create the right encryption types.
-</para>
-
-<para>
-<indexterm><primary>_kerberos._udp</primary></indexterm>
-<indexterm><primary>_ldap._tcp</primary></indexterm>
-<indexterm><primary>default DNS setup</primary></indexterm>
-Windows 200x does not seem to create the <parameter>_kerberos._udp</parameter> and
-<parameter>_ldap._tcp</parameter> in the default DNS setup. Perhaps this will be fixed later in service packs.
-</para>
-
-</sect2>
 </sect1>
 
 <sect1>
-- 
1.7.9.5


From 3da9281a7ab4be073ba0e983b13b018b4357fa85 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 14 Sep 2012 22:28:19 -0700
Subject: [PATCH 07/50] docs: Remove references to Subversion, replace with
 wiki link

---
 docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml |  115 ++-------------------------
 1 file changed, 8 insertions(+), 107 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml
index e4baca4..d7d3e55 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml
@@ -20,7 +20,7 @@ you can download Samba from Subversion or using <command>rsync</command>.
 </para>
 
 <sect1>
-<title>Access Samba Source Code via Subversion</title>
+<title>Access Samba Source Code via GIT</title>
 
 
 <sect2>
@@ -28,115 +28,16 @@ you can download Samba from Subversion or using <command>rsync</command>.
 
 <para>
 <indexterm><primary>Subversion</primary></indexterm>
-Samba is developed in an open environment. Developers use a
-Subversion to <quote>checkin</quote> (also known as 
-<quote>commit</quote>) new source code. Samba's various Subversion branches can
-be accessed via anonymous Subversion using the instructions
-detailed in this chapter.
-</para>
-
-<para>
-This chapter is a modified version of the instructions found at the
-<ulink noescape="1" url="http://samba.org/samba/subversion.html">Samba</ulink> Web site.
+Samba is developed in an open environment. Developers use
+GIT to <quote>checkin</quote> (also known as 
+<quote>commit</quote>) new source code.  See the
+<ulink noescape="1"
+       url="https://wiki.samba.org/index.php/Using_Git_for_Samba_Development">Using
+Git for Samba Development page</ulink> in the Samba wiki.
 </para>
 
 </sect2>
 
-<sect2>
-<title>Subversion Access to samba.org</title>
-
-<para>
-The machine samba.org runs a publicly accessible Subversion
-repository for access to the source code of several packages, 
-including Samba, rsync, distcc, ccache, and jitterbug. There are two main ways
-of accessing the Subversion server on this host.
-</para>
-
-<sect3>
-<title>Access via ViewCVS</title>
-
-
-<para>
-<indexterm><primary>SVN</primary><secondary>web</secondary></indexterm>
-You can access the source code via your favorite WWW browser. This allows you to access
-the contents of individual files in the repository and also to look at the revision 
-history and commit logs of individual files. You can also ask for a diff 
-listing between any two versions on the repository.
-</para>
-
-<para>
-Use the URL
-<ulink noescape="1" url="http://viewcvs.samba.org/">http://viewcvs.samba.org/</ulink>.
-</para>
-</sect3>
-
-<sect3>
-<title>Access via Subversion</title>
-
-<para>
-<indexterm><primary>Subversion</primary></indexterm>
-You can also access the source code via a normal Subversion client. This gives you much more control over what
-you can do with the repository and allows you to check out whole source trees and keep them up to date via
-normal Subversion commands. This is the preferred method of access if you are a developer and not just a
-casual browser.
-</para>
-
-<para>In order to be able to download the Samba sources off Subversion, you need 
-a Subversion client. Your distribution might include one, or you can download the 
-sources from <ulink noescape="1" url="http://subversion.tigris.org/">http://subversion.tigris.org/</ulink>.
-</para>
-
-<para>
-To gain access via anonymous Subversion, use the following steps. 
-</para>
-
-<procedure>
-	<title>Retrieving Samba using Subversion</title>
-
-	<step>
-	<para>
-	Install a recent copy of Subversion. All you really need is a 
-	copy of the Subversion client binary. 
-	</para>
-	</step>
-
-	<step>
-	<para>
-	Run the command 
-	<screen>
-	<userinput>svn co svn://svnanon.samba.org/samba/trunk samba</userinput>.
-	</screen>
-	</para>
-	
-	<para>
-	This will create a directory called <filename>samba</filename> containing the 
-	latest Samba source code (usually the branch that is going to be the next major release). This 
-	currently corresponds to the 3.1 development tree. 
-	</para>
-	
-	<para>
-	Subversion branches other then trunk can be obtained by adding branches/BRANCH_NAME to the URL you check
-	out. A list of branch names can be found on the <quote>Development</quote> page of the Samba Web site. A
-	common request is to obtain the latest 3.0 release code. This could be done by using the following command:
-	<screen>
-	<userinput>svn co svn://svnanon.samba.org/samba/branches/SAMBA_3_0 samba_3</userinput>.
-	</screen>
-	</para>
-	</step>
-
-	<step>
-	<para>
-	Whenever you want to merge in the latest code changes, use the following command from within the Samba
-	directory:
-	<screen>
-	<userinput>svn update</userinput>
-	</screen>
-	</para>
-	</step>
-</procedure>
-	
-</sect3>
-</sect2>
 
 </sect1>
 
@@ -158,7 +59,7 @@ To gain access via anonymous Subversion, use the following steps.
 
 	<para>
 	The disadvantage of the unpacked trees is that they do not support automatic
-	merging of local changes as Subversion does. <command>rsync</command> access is most convenient 
+	merging of local changes as GIT does. <command>rsync</command> access is most convenient 
 	for an initial install.                      
 	</para>
 </sect1>
-- 
1.7.9.5


From da86413b1311e5d1bb630faab7767036ecc74a09 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 14 Sep 2012 22:29:05 -0700
Subject: [PATCH 08/50] docs: Remove out of date links to pserver.samba.org
 and old tarballs

---
 docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml |   13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml
index d7d3e55..bf01234 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml
@@ -49,9 +49,9 @@ Git for Samba Development page</ulink> in the Samba wiki.
 	<indexterm><primary>rsync</primary></indexterm>
 	<indexterm><primary>ftp</primary></indexterm>
 	<parameter>pserver.samba.org</parameter> also exports unpacked copies of most parts of the Subversion tree
-	at the Samba <ulink noescape="1" url="ftp://pserver.samba.org/pub/unpacked">pserver</ulink> location and also
+	at the Samba <ulink noescape="1" url="ftp://samba.org/pub/unpacked">unpacked</ulink> location and also
 	via anonymous rsync at the Samba <ulink noescape="1"
-	url="rsync://pserver.samba.org/ftp/unpacked/">rsync</ulink> server location.  I recommend using rsync rather
+	url="rsync://samba.org/ftp/unpacked/">rsync</ulink> server location.  I recommend using rsync rather
 	than ftp, because rsync is capable of compressing data streams, but it is also more useful than FTP because
 	during a partial update it will transfer only the data that is missing plus a small overhead.  See <ulink
 	noescape="1" url="http://rsync.samba.org/">the rsync home page</ulink> for more info on rsync.
@@ -82,8 +82,9 @@ With that said, go ahead and download the following files:
 </para>
 
 <para><screen>
-&prompt;<userinput>wget http://us1.samba.org/samba/ftp/samba-3.0.20.tar.asc</userinput>
-&prompt;<userinput>wget http://us1.samba.org/samba/ftp/samba-pubkey.asc</userinput>
+&prompt;<userinput>wget http://samba.org/samba/ftp/samba-latest.tar.asc</userinput>
+&prompt;<userinput>wget http://samba.org/samba/ftp/samba-latest.tar.gz</userinput>
+&prompt;<userinput>wget http://samba.org/samba/ftp/samba-pubkey.asc</userinput>
 </screen></para>
 
 
@@ -96,8 +97,8 @@ PGP key itself. Import the public PGP key with:
 </screen>
 and verify the Samba source code integrity with:
 <screen>
-&prompt;<userinput>gzip -d samba-3.0.20.tar.gz</userinput>
-&prompt;<userinput>gpg --verify samba-3.0.20.tar.asc</userinput>
+&prompt;<userinput>gzip -d samba-latest.tar.gz</userinput>
+&prompt;<userinput>gpg --verify samba-latest.tar.asc</userinput>
 </screen>
 </para>
 
-- 
1.7.9.5


From 0ca3921963707130205e11e860daea123622cb4c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 14 Sep 2012 22:29:39 -0700
Subject: [PATCH 09/50] docs: Remove referenece to autogen.sh and document waf
 build instead

---
 docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml |   47 ++-------------------------
 1 file changed, 2 insertions(+), 45 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml
index bf01234..7236dc7 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml
@@ -117,28 +117,9 @@ gpg: BAD signature from <quote>Samba Distribution Verification Key</quote>
 	<title>Building the Binaries</title>
 	
 	<para>
-	<indexterm><primary>autogen.sh</primary></indexterm>
-<indexterm><primary>configure</primary></indexterm>
-	After the source tarball has been unpacked, the next step involves
-	configuration to match Samba to your operating system platform.
-	If your source directory does not contain the <command>configure</command> script,
-	it is necessary to build it before you can continue. Building of
-	the configure script requires the correct version of the autoconf
-	tool kit. Where the necessary version of autoconf is present,
-	the configure script can be generated by executing the following
-	(please note that in Samba 3.4.x, the directory is called source3 instead
-	of source):
-<screen>
-&rootprompt; cd samba-3.0.20/source
-&rootprompt; ./autogen.sh
-</screen>
-	</para>
-	
-
-	<para>
 	<indexterm><primary>configure</primary></indexterm>
 	To build the binaries, run the program <userinput>./configure
-	</userinput> in the source directory. This should automatically 
+	</userinput> in the top level director of the source tree. This should automatically 
 	configure Samba for your operating system. If you have unusual 
 	needs, then you may wish to first run:
 <screen>
@@ -167,30 +148,6 @@ gpg: BAD signature from <quote>Samba Distribution Verification Key</quote>
 </screen>
 	</para>
 	
-	<para>
-	Some people prefer to install binary files and man pages separately. If this is
-	your wish, the binary files can be installed by executing:
-<screen>
-&rootprompt; <userinput>make installbin</userinput>
-</screen>
-	The man pages can be installed using this command:
-<screen>
-&rootprompt; <userinput>make installman</userinput>
-</screen>
-	</para>
-
-	<para>
-	Note that if you are upgrading from a previous version of Samba the old
-	versions of the binaries will be renamed with an <quote>.old</quote> extension.
-	You can go back to the previous version by executing:
-<screen>
-&rootprompt; <userinput>make revert</userinput>
-</screen>
-	As you can see from this, building and installing Samba does not need to
-	result in disaster!
-	</para>
-	
-
 	<sect2>
 	<title>Compiling Samba with Active Directory Support</title>
 	
@@ -220,7 +177,7 @@ gpg: BAD signature from <quote>Samba Distribution Verification Key</quote>
 
 	<para>
 	After you run configure, make sure that the 
-	<filename>include/config.h</filename> it generates contain lines like this:
+	<filename>bin/include/config.h</filename> it generates contain lines like this:
 <programlisting>
 #define HAVE_KRB5 1
 #define HAVE_LDAP 1
-- 
1.7.9.5


From a31f44f08ce2fcea4d5fe790ebf01a947a53ace2 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 14 Sep 2012 22:30:06 -0700
Subject: [PATCH 10/50] docs: Remove referenece to old Red Hat Linux habits on
 winbindd

---
 docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml |   20 --------------------
 1 file changed, 20 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml
index 7236dc7..ffedeb3 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml
@@ -379,26 +379,6 @@ netbios-ns dgram udp wait root /usr/local/samba/sbin/nmbd nmbd
 
 	<sect3>
 	<title>Starting Samba for Red Hat Linux</title>
-
-	<para>
-	Red Hat Linux has not always included all Samba components in the standard installation.
-	So versions of Red Hat Linux do not install the winbind utility, even though it is present
-	on the installation CDROM media. Check to see if the <command>winbindd</command> is present
-	on the system:
-<screen>
-&rootprompt; ls /usr/sbin/winbindd
-/usr/sbin/winbindd
-</screen>
-	This means that the appropriate RPM package was installed. The following response means
-	that it is not installed:
-<screen>
-/bin/ls: /usr/sbin/winbind: No such file or directory
-</screen>
-	In this case, it should be installed if you intend to use <command>winbindd</command>. Search
-	the CDROM installation media for the samba-winbind RPM and install it following Red Hat
-	guidelines.
-	</para>
-
 	<para>
 	The process for starting Samba will now be outlined. Be sure to configure Samba's &smb.conf;
 	file before starting Samba. When configured, start Samba by executing:
-- 
1.7.9.5


From d67e3d11078657f1f507486e72d12a3bf0ec90e9 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 14 Sep 2012 23:06:59 -0700
Subject: [PATCH 11/50] docs: Update BDC docs to recognise the AD DC and to
 exclusivly recommend LDAP

The confusing references to the not-recommended techniques and
outdated steps (like net rpc getsid, replaced by simply having the SID
just be in LDAP) just detract from the clarity of this document.

Andrew Bartlett
---
 docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml |  179 +++------------------------------
 1 file changed, 12 insertions(+), 167 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml b/docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml
index 5aabb8b..9b69368 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml
@@ -47,96 +47,12 @@ you will have stability and operational problems.
 <indexterm><primary>replication</primary><secondary>SAM</secondary></indexterm>
 <indexterm><primary>non-LDAP</primary><secondary>backend</secondary></indexterm>
 <indexterm><primary>propagate</primary></indexterm>
-While it is possible to run a Samba-3 BDC with a non-LDAP backend, that backend must allow some form of
+It is not possible to run a Samba-3 BDC with a non-LDAP backend, as that backend must allow some form of
 "two-way" propagation of changes from the BDC to the master.  At this time only LDAP delivers the capability
 to propagate identity database changes from the BDC to the PDC. The BDC can use a slave LDAP server, while it
 is preferable for the PDC to use as its primary an LDAP master server.
 </para>
 
-<para>
-<indexterm><primary>non-LDAP</primary><secondary>backend</secondary></indexterm>
-<indexterm><primary>SAM backend</primary><secondary>non-LDAP</secondary></indexterm>
-<indexterm><primary>domain</primary><secondary>member</secondary><tertiary>server</tertiary></indexterm>
-<indexterm><primary>BDC</primary></indexterm>
-<indexterm><primary>PDC</primary></indexterm>
-<indexterm><primary>trust account password</primary></indexterm>
-<indexterm><primary>domain trust</primary></indexterm>
-The use of a non-LDAP backend SAM database is particularly problematic because domain member
-servers and workstations periodically change the Machine Trust Account password. The new
-password is then stored only locally. This means that in the absence of a centrally stored
-accounts database (such as that provided with an LDAP-based solution) if Samba-3 is running
-as a BDC, the BDC instance of the domain member trust account password will not reach the
-PDC (master) copy of the SAM. If the PDC SAM is then replicated to BDCs, this results in 
-overwriting the SAM that contains the updated (changed) trust account password with resulting
-breakage of the domain trust.
-</para>
-
-<para>
-<indexterm><primary>net</primary><secondary>rpc</secondary></indexterm>
-<indexterm><primary>SAM backend</primary><secondary>ldapsam</secondary></indexterm>
-<indexterm><primary>SAM backend</primary><secondary>tdbsam</secondary></indexterm>
-<indexterm><primary>replication</primary><secondary>SAM</secondary></indexterm>
-Considering the number of comments and questions raised concerning how to configure a BDC,
-let's consider each possible option and look at the pros and cons for each possible solution.
-<link linkend="pdc-bdc-table">The Domain Backend Account Distribution Options table below</link> lists 
-possible design configurations for a PDC/BDC infrastructure.
-</para>
-
-<table frame="all" id="pdc-bdc-table"><title>Domain Backend Account Distribution Options</title>
-<tgroup cols="3">
-        <colspec align="center" colwidth="1*"/>
-        <colspec align="center" colwidth="1*"/>
-        <colspec align="left" colwidth="3*"/>
-
-        <thead>
-        <row><entry>PDC Backend</entry><entry>BDC Backend</entry><entry>Notes/Discussion</entry></row>
-        </thead>
-        <tbody>
-        <row>
-        <entry><para>Master LDAP Server</para></entry>
-        <entry><para>Slave LDAP Server</para></entry>
-        <entry><para>The optimal solution that provides high integrity. The SAM will be
-		replicated to a common master LDAP server.</para></entry>
-        </row>
-        <row>
-        <entry><para>Single Central LDAP Server</para></entry>
-        <entry><para>Single Central LDAP Server</para></entry>
-	<entry><para>
-	A workable solution without failover ability. This is a usable solution, but not optimal. 
-	</para></entry>
-        </row>
-        <row>
-        <entry><para>tdbsam</para></entry>
-        <entry><para>tdbsam + <command>net rpc vampire</command></para></entry>
-        <entry><para>
-	Does not work with Samba-3.0; Samba does not implement the
-        server-side protocols required.
-	</para></entry>
-        </row>
-        <row>
-        <entry><para>tdbsam</para></entry>
-        <entry><para>tdbsam + <command>rsync</command></para></entry>
-        <entry><para>
-	Do not use this configuration.
-	Does not work because the TDB files are live and data may not
-        have been flushed to disk.  Furthermore, this will cause
-        domain trust breakdown.
-	</para></entry>
-        </row>
-        <row>
-        <entry><para>smbpasswd file</para></entry>
-        <entry><para>smbpasswd file</para></entry>
-        <entry><para>
-	Do not use this configuration.
-	Not an elegant solution due to the delays in synchronization
-        and also suffers
-        from the issue of domain trust breakdown.
-	</para></entry>
-        </row>
-        </tbody>
-</tgroup>
-</table>
-
 </sect1>
 
 <sect1>
@@ -453,9 +369,12 @@ Servers in &smb.conf; example</link>.
 <indexterm><primary>domain controller</primary></indexterm>
 As of the release of MS Windows 2000 and Active Directory, this information is now stored
 in a directory that can be replicated and for which partial or full administrative control
-can be delegated. Samba-3 is not able to be a domain controller within an Active Directory
-tree, and it cannot be an Active Directory server. This means that Samba-3 also cannot
-act as a BDC to an Active Directory domain controller.
+can be delegated. Samba-4.0 is able to be a domain controller within an Active Directory
+tree, and it can be an Active Directory server.  The details for how
+this can be done are documented in the <ulink
+url="https://wiki.samba.org/index.php/Samba4/HOWTO">Samba 4.0 as an
+AD DC HOWTO</ulink>
+
 </para>
 
 </sect2>
@@ -554,35 +473,6 @@ The creation of a BDC requires some steps to prepare the Samba server before
 
 <itemizedlist>
 	<listitem><para>
-	<indexterm><primary>SID</primary></indexterm>
-	<indexterm><primary>PDC</primary></indexterm>
-	<indexterm><primary>BDC</primary></indexterm>
-	<indexterm><primary>private/secrets.tdb</primary></indexterm>
-	<indexterm><primary>private/MACHINE.SID</primary></indexterm>
-	<indexterm><primary>domain SID</primary></indexterm>
-	The domain SID has to be the same on the PDC and the BDC. In Samba versions pre-2.2.5, the domain SID was
-	stored in the file <filename>private/MACHINE.SID</filename>.  For all versions of Samba released since 2.2.5
-	the domain SID is stored in the file <filename>private/secrets.tdb</filename>. This file is unique to each
-	server and cannot be copied from a PDC to a BDC; the BDC will generate a new SID at startup. It will overwrite
-	the PDC domain SID with the newly created BDC SID.  There is a procedure that will allow the BDC to acquire the
-	domain SID. This is described here.
-	</para>
-
-	<para>
-	<indexterm><primary>domain SID</primary></indexterm>
-	<indexterm><primary>PDC</primary></indexterm>
-	<indexterm><primary>BDC</primary></indexterm>
-	<indexterm><primary>secrets.tdb</primary></indexterm>
-	<indexterm><primary>net</primary><secondary>rpc</secondary><tertiary>getsid</tertiary></indexterm>
-	To retrieve the domain SID from the PDC or an existing BDC and store it in the
-	<filename>secrets.tdb</filename>, execute:
-	</para>
-<screen>
-&rootprompt;<userinput>net rpc getsid</userinput>
-</screen>
-	</listitem>
-
-	<listitem><para>
 	<indexterm><primary>secrets.tdb</primary></indexterm>
 	<indexterm><primary>smbpasswd</primary></indexterm>
 	<indexterm><primary>LDAP administration password</primary></indexterm>
@@ -623,9 +513,7 @@ The creation of a BDC requires some steps to prepare the Samba server before
 	<indexterm><primary>ssh</primary></indexterm>
 	<indexterm><primary>LDAP</primary></indexterm>
 	The Samba password database must be replicated from the PDC to the BDC.
-	Although it is possible to synchronize the <filename>smbpasswd</filename>
-	file with <command>rsync</command> and <command>ssh</command>, this method
-	is broken and flawed, and is therefore not recommended. A better solution
+        The solution
 	is to set up slave LDAP servers for each BDC and a master LDAP server for the PDC.
 	The use of rsync is inherently flawed by the fact that the data will be replicated
 	at timed intervals. There is no guarantee that the BDC will be operating at all
@@ -804,7 +692,10 @@ No. The native NT4 SAM replication protocols have not yet been fully implemented
 <indexterm><primary>BDC</primary></indexterm>
 <indexterm><primary>PDC</primary></indexterm>
 <indexterm><primary>logon requests</primary></indexterm>
-Can I get the benefits of a BDC with Samba?  Yes, but only to a Samba PDC.The
+Can I get the benefits of a BDC with Samba?  Yes, but only to a Samba
+PDC or as a <ulink
+url="https://wiki.samba.org/index.php/Samba4/HOWTO">Samba 4.0 Active
+Directory domain controller.</ulink>  The
 main reason for implementing a BDC is availability. If the PDC is a Samba
 machine, a second Samba machine can be set up to service logon requests whenever
 the PDC is down.
@@ -812,51 +703,5 @@ the PDC is down.
 
 </sect2>
 
-<sect2>
-<title>How Do I Replicate the smbpasswd File?</title>
-
-<para>
-<indexterm><primary>replication</primary><secondary>SAM</secondary></indexterm>
-<indexterm><primary>smbpasswd</primary></indexterm>
-<indexterm><primary>SAM</primary></indexterm>
-Replication of the smbpasswd file is sensitive. It has to be done whenever changes
-to the SAM are made. Every user's password change is done in the smbpasswd file and
-has to be replicated to the BDC. So replicating the smbpasswd file very often is necessary.
-</para>
-
-<para>
-<indexterm><primary>plaintext password</primary></indexterm>
-<indexterm><primary>ssh</primary></indexterm>
-<indexterm><primary>rsync</primary></indexterm>
-As the smbpasswd file contains plaintext password equivalents, it must not be
-sent unencrypted over the wire. The best way to set up smbpasswd replication from
-the PDC to the BDC is to use the utility rsync. rsync can use ssh as a transport.
-<command>ssh</command> itself can be set up to accept <emphasis>only</emphasis>
-<command>rsync</command> transfer without requiring the user to type a password.
-</para>
-
-<para>
-<indexterm><primary>machine trust accounts</primary></indexterm>
-<indexterm><primary>LDAP</primary></indexterm>
-As said a few times before, use of this method is broken and flawed. Machine trust 
-accounts will go out of sync, resulting in a broken domain. This method is
-<emphasis>not</emphasis> recommended. Try using LDAP instead.
-</para>
-
-</sect2>
-
-<sect2>
-<title>Can I Do This All with LDAP?</title>
-
-<para>
-<indexterm><primary>pdb_ldap</primary></indexterm>
-<indexterm><primary>LDAP</primary></indexterm>
-The simple answer is yes. Samba's pdb_ldap code supports binding to a replica
-LDAP server and will also follow referrals and rebind to the master if it ever
-needs to make a modification to the database. (Normally BDCs are read-only, so
-this will not occur often).
-</para>
-
-</sect2>
 </sect1>
 </chapter>
-- 
1.7.9.5


From 178842fb649c12187ad2f5e8c02f80726b96ee7c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 14 Sep 2012 23:08:53 -0700
Subject: [PATCH 12/50] docs: Remove reference to inetd startup, it is not
 recommended

---
 docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml |   77 +--------------------------
 1 file changed, 1 insertion(+), 76 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml
index ffedeb3..ac866a8 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml
@@ -267,82 +267,7 @@ gpg: BAD signature from <quote>Samba Distribution Verification Key</quote>
 	</para>
 
 	<sect2>
-	<title>Starting from inetd.conf</title>
-
-	<indexterm><primary>inetd</primary></indexterm>
-	
-	<note>
-	<para>The following will be different if 
-	you use NIS, NIS+, or LDAP to distribute services maps.</para>
-	</note>
-	
-	<para>Look at your <filename>/etc/services</filename>. 
-	What is defined at port 139/tcp? If nothing is defined, 
-	then add a line like this:</para>
-
-	<para><programlisting>netbios-ssn     139/tcp</programlisting></para>
-
-	<para>Similarly for 137/udp, you should have an entry like:</para>
-
-	<para><programlisting>netbios-ns	137/udp</programlisting></para>
-
-	<para>
-	Next, edit your <filename>/etc/inetd.conf</filename> and add two lines like this:
-<programlisting>
-netbios-ssn stream tcp nowait root /usr/local/samba/sbin/smbd smbd 
-netbios-ns dgram udp wait root /usr/local/samba/sbin/nmbd nmbd 
-</programlisting>
-	</para>
-
-<indexterm><primary>/etc/inetd.conf</primary></indexterm>
-	<para>
-	The exact syntax of <filename>/etc/inetd.conf</filename> 
-	varies between UNIXes. Look at the other entries in inetd.conf 
-	for a guide.
-	</para>
-
-	<para>
-	<indexterm><primary>xinetd</primary></indexterm>
-	Some distributions use xinetd instead of inetd. Consult the 
-	xinetd manual for configuration information.
-	</para>
-
-	<note><para>Some UNIXes already have entries like netbios_ns 
-	(note the underscore) in <filename>/etc/services</filename>. 
-	You must edit <filename>/etc/services</filename> or
-	<filename>/etc/inetd.conf</filename> to make them consistent.
-	</para></note>
-
-	<note><para>
-	<indexterm><primary>ifconfig</primary></indexterm>
-	On many systems you may need to use the
-	<smbconfoption name="interfaces"/> option in &smb.conf; to specify
-	the IP address and netmask of your interfaces. Run 
-	<application>ifconfig</application> as root if you do
-	not know what the broadcast is for your net. &nmbd; tries
-	to determine it at runtime, but fails on some UNIXes. 
-	</para></note>
-
-	<warning><para>
-	Many UNIXes only accept around five parameters on the command
-	line in <filename>inetd.conf</filename>.  This means you shouldn't
-	use spaces between the options and arguments, or you should use
-	a script and start the script from <command>inetd</command>.
-	</para></warning>
-
-	<para>
-	Restart <application>inetd</application>, perhaps just send it a HUP,
-	like this:
-<indexterm><primary>killall</primary></indexterm>
-<screen>
-&rootprompt;<userinput>killall -HUP inetd</userinput>
-</screen>
-	</para>
-		
-	</sect2>
-	
-	<sect2>
-	<title>Alternative: Starting &smbd; as a Daemon</title>
+	<title>Starting &smbd; as a Daemon</title>
 		
 	<para>
 	<indexterm><primary>daemon</primary></indexterm>
-- 
1.7.9.5


From 9cdf549ab531e5a12e8d3c3c5a1329825da1bdb8 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 14 Sep 2012 23:13:33 -0700
Subject: [PATCH 13/50] docs: Clarify TOSHARG-Bugs for 2012

---
 docs-xml/Samba3-HOWTO/TOSHARG-Bugs.xml |   11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Bugs.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Bugs.xml
index 0ef2c5c..f6d7ba4 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Bugs.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Bugs.xml
@@ -32,12 +32,9 @@ us fix it fast.
 </para>
 
 <para>
-<indexterm><primary>comp.protocols.smb</primary></indexterm>
-<indexterm><primary>newsgroup</primary></indexterm>
 <indexterm><primary>configuration problem</primary></indexterm>
-If you post the bug to the comp.protocols.smb
-newsgroup or the mailing list, do not assume that we will read it. If you suspect that your 
-problem is not a bug but a configuration problem, it is better to send 
+If you suspect that your 
+problem is not a bug but a configuration problem, it is best to send 
 it to the Samba mailing list, as there are thousands of other users on
 that list who may be able to help you.
 </para>
@@ -260,10 +257,10 @@ to catch any panics. If <command>smbd</command> seems to be frozen, look for any
 processes. If it is not, and appears to be spinning, find the PID
 of the spinning process and type:
 <screen>
-&rootprompt; gdb /usr/local/samba/sbin/smbd
+&rootprompt; gdb -p PID
 </screen>
 <indexterm><primary>spinning process</primary></indexterm>
-then <quote>attach `pid'</quote> (of the spinning process), then type <quote>bt</quote> to
+then type <quote>bt full</quote> to
 get a backtrace to see where the smbd is in the call path.
 </para>
 
-- 
1.7.9.5


From a2dde54166e959fe64c454c088c652c5df04c9b9 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Sep 2012 12:53:37 -0700
Subject: [PATCH 14/50] docs: Update FastStart: remove security=share, avoid
 disable spoolss

As I understand it, all printing is via spoolss, so do not disable it!

Andrew Bartlett
---
 docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml |   22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml b/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml
index 08f6e49..13a212b 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml
@@ -182,7 +182,8 @@ of the packages that are provided by the operating system vendor or through othe
 <smbconfsection name="[global]"/>
 <smbconfoption name="workgroup">MIDEARTH</smbconfoption>
 <smbconfoption name="netbios name">HOBBIT</smbconfoption>
-<smbconfoption name="security">share</smbconfoption>
+<smbconfoption name="security">user</smbconfoption>
+<smbconfoption name="map to guest">bad user</smbconfoption>
 
 <smbconfsection name="[data]"/>
 <smbconfoption name="comment">Data</smbconfoption>
@@ -220,7 +221,8 @@ Press enter to see a dump of your service definitions
 [global]
 	workgroup = MIDEARTH
 	netbios name = HOBBIT
-	security = share
+	security = user
+	map to guest = bad user
 
 [data]
 	comment = Data
@@ -286,7 +288,8 @@ Added user jackb.
 <smbconfsection name="[global]"/>
 <smbconfoption name="workgroup">MIDEARTH</smbconfoption>
 <smbconfoption name="netbios name">HOBBIT</smbconfoption>
-<smbconfoption name="security">SHARE</smbconfoption>
+<smbconfoption name="security">USER</smbconfoption>
+<smbconfoption name="map to guest">bad user</smbconfoption>
 
 <smbconfsection name="[data]"/>
 <smbconfoption name="comment">Data</smbconfoption>
@@ -340,10 +343,7 @@ Added user jackb.
 <smbconfsection name="[global]"/>
 <smbconfoption name="workgroup">MIDEARTH</smbconfoption>
 <smbconfoption name="netbios name">LUTHIEN</smbconfoption>
-<smbconfoption name="security">share</smbconfoption>
-<smbconfoption name="printcap name">cups</smbconfoption>
-<smbconfoption name="disable spoolss">Yes</smbconfoption>
-<smbconfoption name="show add printer wizard">No</smbconfoption>
+<smbconfoption name="security">user</smbconfoption>
 <smbconfoption name="printing">cups</smbconfoption>
 
 <smbconfsection name="[printers]"/>
@@ -444,10 +444,8 @@ Added user jackb.
 		is the default, and for which the default is to store Microsoft Windows-compatible
 		encrypted passwords in a file called <filename>/etc/samba/smbpasswd</filename>.
 		The default &smb.conf; entry that makes this happen is
-		<smbconfoption name="passdb backend">smbpasswd, guest</smbconfoption>. Since this is the default,
-		it is not necessary to enter it into the configuration file. Note that the guest backend is
-		added to the list of active passdb backends no matter whether it specified directly in Samba configuration
-		file or not.
+		<smbconfoption name="passdb backend">smbpasswd</smbconfoption>. Since this is the default,
+		it is not necessary to enter it into the configuration file.
 		</para>
 
 
@@ -474,8 +472,6 @@ Added user jackb.
 <smbconfsection name="[global]"/>
 <smbconfoption name="workgroup">MIDEARTH</smbconfoption>
 <smbconfoption name="netbios name">OLORIN</smbconfoption>
-<smbconfoption name="printcap name">cups</smbconfoption>
-<smbconfoption name="disable spoolss">Yes</smbconfoption>
 <smbconfoption name="show add printer wizard">No</smbconfoption>
 <smbconfoption name="printing">cups</smbconfoption>
 
-- 
1.7.9.5


From 7c643751105c08aafe02f93f063c30187ecd3cd9 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Sep 2012 15:52:47 -0700
Subject: [PATCH 15/50] docs: Remove very outdated TOSHARG-Portability section

---
 docs-xml/Samba3-HOWTO/TOSHARG-Portability.xml |  270 -------------------------
 docs-xml/Samba3-HOWTO/index.xml               |    2 -
 2 files changed, 272 deletions(-)
 delete mode 100644 docs-xml/Samba3-HOWTO/TOSHARG-Portability.xml

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Portability.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Portability.xml
deleted file mode 100644
index 533ad5c..0000000
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Portability.xml
+++ /dev/null
@@ -1,270 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<chapter id="Portability">
-<chapterinfo>
-	&author.jelmer;
-	&author.jht;
-	<!-- Some other people as well, but there were no author names in the text files this file is based on-->
-</chapterinfo>
-
-<title>Portability</title>
-
-<para>
-<indexterm><primary>platforms</primary></indexterm>
-<indexterm><primary>compatible</primary></indexterm>
-Samba works on a wide range of platforms, but the interface all the 
-platforms provide is not always compatible. This chapter contains 
-platform-specific information about compiling and using Samba.</para>
-
-<sect1>
-<title>HPUX</title>
-
-<para>
-<indexterm><primary>/etc/logingroup</primary></indexterm>
-<indexterm><primary>/etc/group</primary></indexterm>
-Hewlett-Packard's implementation of supplementary groups is nonstandard (for
-historical reasons). There are two group files, <filename>/etc/group</filename> and
-<filename>/etc/logingroup</filename>; the system maps UIDs to numbers using the former, but
-initgroups() reads the latter. Most system admins who know the ropes
-symlink <filename>/etc/group</filename> to <filename>/etc/logingroup</filename>
-(hard-link does not work for reasons too obtuse to go into here). initgroups() will complain if one of the
-groups you're in, in <filename>/etc/logingroup</filename>, has what it considers to be an invalid
-ID, which means outside the range <constant>[0..UID_MAX]</constant>, where <constant>UID_MAX</constant> is
-60000 currently on HP-UX. This precludes -2 and 65534, the usual <constant>nobody</constant>
-GIDs.
-</para>
-
-<para>
-If you encounter this problem, make sure the programs that are failing 
-to initgroups() are run as users, not in any groups with GIDs outside the 
-allowed range.
-</para>
-
-<para>
-This is documented in the HP manual pages under setgroups(2) and passwd(4).
-</para>
-
-<para>
-<indexterm><primary>gcc</primary></indexterm>
-<indexterm><primary>ANSI compiler</primary></indexterm>
-On HP-UX you must use gcc or the HP ANSI compiler. The free compiler
-that comes with HP-UX is not ANSI compliant and cannot compile Samba.
-</para>
-
-</sect1>
-
-<sect1>
-<title>SCO UNIX</title>
-
-<para> 
-If you run an old version of SCO UNIX, you may need to get important 
-TCP/IP patches for Samba to work correctly. Without the patch, you may 
-encounter corrupt data transfers using Samba.
-</para>
-
-<para>
-The patch you need is UOD385 Connection Drivers SLS. It is available from
-SCO <ulink noescape="1" url="ftp://ftp.sco.com/">ftp.sco.com</ulink>, directory SLS,
-files uod385a.Z and uod385a.ltr.Z).
-</para>
-
-<para>
-The information provided here refers to an old version of SCO UNIX. If you require
-binaries for more recent SCO UNIX products, please contact SCO to obtain packages that are
-ready to install. You should also verify with SCO that your platform is up to date for the
-binary packages you will install. This is important if you wish to avoid data corruption
-problems with your installation. To build Samba for SCO UNIX products  may
-require significant patching of Samba source code. It is much easier to obtain binary
-packages directly from SCO.
-</para>
-
-</sect1>
-
-<sect1>
-<title>DNIX</title>
-
-<para>
-DNIX has a problem with seteuid() and setegid(). These routines are
-needed for Samba to work correctly, but they were left out of the DNIX
-C library for some reason.
-</para>
-
-<para>
-For this reason Samba by default defines the macro NO_EID in the DNIX
-section of includes.h. This works around the problem in a limited way,
-but it is far from ideal, and some things still will not work right.
-</para>
-
-<para> 
-To fix the problem properly, you need to assemble the following two
-functions and then either add them to your C library or link them into
-Samba. Put the following in the file <filename>setegid.s</filename>:
-</para>
-
-<para><programlisting>
-        .globl  _setegid
-_setegid:
-        moveq   #47,d0
-        movl    #100,a0
-        moveq   #1,d1
-        movl    4(sp),a1
-        trap    #9
-        bccs    1$
-        jmp     cerror
-1$:
-        clrl    d0
-        rts
-</programlisting></para>
-
-<para>
-Put this in the file <filename>seteuid.s</filename>:
-</para>
-
-<para><programlisting>
-        .globl  _seteuid
-_seteuid:
-        moveq   #47,d0
-        movl    #100,a0
-        moveq   #0,d1
-        movl    4(sp),a1
-        trap    #9
-        bccs    1$
-        jmp     cerror
-1$:
-        clrl    d0
-        rts
-</programlisting></para>
-
-<para>
-After creating the files, you then assemble them using
-</para>
-
-<screen>
-&prompt;<userinput>as seteuid.s</userinput>
-&prompt;<userinput>as setegid.s</userinput>
-</screen>
-
-<para>
-which should produce the files <filename>seteuid.o</filename> and
-<filename>setegid.o</filename>.
-</para>
-
-<para>
-Next you need to add these to the LIBSM line in the DNIX section of
-the Samba Makefile. Your LIBSM line will look something like this:
-</para>
-
-<para><programlisting>
-LIBSM = setegid.o seteuid.o -ln
-</programlisting></para>
-
-<para>
-You should then remove the line:
-</para>
-
-<para><programlisting>
-#define NO_EID
-</programlisting></para>
-
-<para>from the DNIX section of <filename>includes.h</filename>.</para>
-
-</sect1>
-
-<sect1>
-<title>Red Hat Linux</title>
-
-<para>
-By default during installation, some versions of Red Hat Linux add an
-entry to <filename>/etc/hosts</filename> as follows:
-<programlisting>
-127.0.0.1 loopback "hostname"."domainname"
-</programlisting>
-</para>
-
-<para>
-<indexterm><primary>loopback interface</primary></indexterm>
-This causes Samba to loop back onto the loopback interface.
-The result is that Samba fails to communicate correctly with
-the world and therefore may fail to correctly negotiate who
-is the master browse list holder and who is the master browser.
-</para>
-
-<para>
-Corrective action: Delete the entry after the word "loopback"
-in the line starting 127.0.0.1.
-</para>
-</sect1>
-
-<sect1>
-<title>AIX: Sequential Read Ahead</title>
-<!-- From an email by William Jojo <jojowil@hvcc.edu> -->
-<para>
-Disabling sequential read ahead can improve Samba performance significantly
-when there is a relatively high level of multiprogramming (many smbd processes
-or mixed with another workload), not an abundance of physical memory or slower
-disk technology. These can cause AIX to have a higher WAIT values. Disabling
-sequential read-ahead can also have an adverse affect on other workloads in the
-system so you will need to evaluate other applications for impact.
-</para>
-
-<para>
-It is recommended to use the defaults provided by IBM, but if you experience a
-high amount of wait time, try disabling read-ahead with the following commands:
-</para>
-
-<para>
-For AIX 5.1 and earlier: <userinput>vmtune -r 0</userinput>
-</para>
-
-<para>
-For AIX 5.2 and later jfs filesystems: <userinput>ioo -o minpgahead=0</userinput>
-</para>
-
-<para>
-For AIX 5.2 and later jfs2 filesystems: <userinput>ioo -o j2_minPageReadAhead=0</userinput>
-</para>
-
-<para>
-If you have a mix of jfs and jfs2 filesystems on the same host, simply use both
-ioo commands.
-</para>
-</sect1>
-
-<sect1>
-<title>Solaris</title>
-
-<sect2>
-<title>Locking Improvements</title>
-
-<para>Some people have been experiencing problems with F_SETLKW64/fcntl 
-when running Samba on Solaris. The built-in file-locking mechanism was
-not scalable. Performance would degrade to the point where processes would
-get into loops of trying to lock a file. It would try a lock, then fail,
-then try again. The lock attempt was failing before the grant was
-occurring. The visible manifestation of this was a handful of
-processes stealing all of the CPU, and when they were trussed, they would
-be stuck in F_SETLKW64 loops.
-</para>
-
-<para>
-Please check with Sun support for current patches needed to fix this bug.
-The patch revision for 2.6 is 105181-34, for 8 is 108528-19, and for 9 is 112233-04.
-After the installation of these patches, it is recommended to reconfigure
-and rebuild Samba.
-</para>
-
-<para>Thanks to Joe Meslovich for reporting this.</para>
-
-</sect2>
-
-<sect2 id="winbind-solaris9">
-<title>Winbind on Solaris 9</title>
-<para>
-Nsswitch on Solaris 9 refuses to use the Winbind NSS module. This behavior
-is fixed by Sun in patch <ulink
-url="http://sunsolve.sun.com/search/advsearch.do?collection=PATCH&amp;type=collections&amp;max=50&amp;language=en&amp;queryKey5=112960;rev=14&amp;toDocument=yes">112960-14</ulink>.
-</para>
-</sect2>
-</sect1>
-
-</chapter>
diff --git a/docs-xml/Samba3-HOWTO/index.xml b/docs-xml/Samba3-HOWTO/index.xml
index ef463d4..fcf53db 100644
--- a/docs-xml/Samba3-HOWTO/index.xml
+++ b/docs-xml/Samba3-HOWTO/index.xml
@@ -202,8 +202,6 @@ The chapters in this part each cover specific Samba features.
 	<?latex \cleardoublepage ?>
 	<xi:include href="TOSHARG-Compiling.xml"/>
 	<?latex \cleardoublepage ?>
-	<xi:include href="TOSHARG-Portability.xml"/>
-	<?latex \cleardoublepage ?>
 	<xi:include href="TOSHARG-Other-Clients.xml"/>
 	<?latex \cleardoublepage ?>
 	<xi:include href="TOSHARG-Speed.xml"/>
-- 
1.7.9.5


From c900492dda4fcd059a824a5b162388b6b41982e9 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Sep 2012 15:55:55 -0700
Subject: [PATCH 16/50] docs: Remove very outdated TOSHARG-Other-Clients
 section

---
 docs-xml/Samba3-HOWTO/TOSHARG-Other-Clients.xml |  351 -----------------------
 docs-xml/Samba3-HOWTO/index.xml                 |    2 -
 2 files changed, 353 deletions(-)
 delete mode 100644 docs-xml/Samba3-HOWTO/TOSHARG-Other-Clients.xml

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Other-Clients.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Other-Clients.xml
deleted file mode 100644
index 94c3fcc..0000000
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Other-Clients.xml
+++ /dev/null
@@ -1,351 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<chapter id="Other-Clients">
-<chapterinfo>
-	&author.jelmer;
-	&author.jht;
-	&author.danshearer;
-	<author>&person.jmcd;<contrib>OS/2</contrib></author>
-	<pubdate>5 Mar 2001</pubdate>
-</chapterinfo>
-
-<title>Samba and Other CIFS Clients</title>
-
-<para>This chapter contains client-specific information.</para>
-
-<sect1>
-<title>Macintosh Clients</title>
-
-<para>
-<indexterm><primary>DAVE</primary></indexterm>
-Yes. <ulink url="http://www.thursby.com/">Thursby</ulink> has a CIFS client/server called <ulink
-url="http://www.thursby.com/products/dave.html">DAVE</ulink>.  They test it against Windows 95, Windows
-NT/200x/XP, and Samba for compatibility issues. At the time of this writing, DAVE was at version 5.1. Please
-refer to Thursby's Web site for more information regarding this product.
-</para>
-
-<para> 
-<indexterm><primary>Netatalk</primary></indexterm>
-<indexterm><primary>CAP</primary></indexterm>
-Alternatives include two free implementations of AppleTalk for several kinds of UNIX machines and several more
-commercial ones.  These products allow you to run file services and print services natively to Macintosh
-users, with no additional support required on the Macintosh. The two free implementations are <ulink
-url="http://www.umich.edu/~rsug/netatalk/">Netatalk</ulink> and <ulink
-url="http://www.cs.mu.oz.au/appletalk/atalk.html">CAP</ulink>.  What Samba offers MS Windows users, these
-packages offer to Macs.  For more info on these packages, Samba, and Linux (and other UNIX-based systems), see
-<ulink noescape="1" url="http://www.eats.com/linux_mac_win.html">http://www.eats.com/linux_mac_win.html.</ulink>
-</para>
-
-<para>Newer versions of the Macintosh (Mac OS X) include Samba.</para>
-
-</sect1>
-
-<sect1>
-<title>OS2 Client</title>
-
-	<sect2>
-		<title>Configuring OS/2 Warp Connect or OS/2 Warp 4</title>
-
-		<para>Basically, you need three components:</para>
-		
-		<itemizedlist>
-			<listitem><para>The File and Print Client (IBM peer)</para></listitem>
-			<listitem><para>TCP/IP (Internet support) </para></listitem>
-			<listitem><para>The <quote>NetBIOS over TCP/IP</quote> driver (TCPBEUI)</para></listitem>
-		</itemizedlist>
-		
-		<para>Installing the first two together with the base operating 
-		system on a blank system is explained in the Warp manual. If Warp 
-		has already been installed, but you now want to install the 
-		networking support, use the <quote>Selective Install for Networking</quote> 
-		object in the <quote>System Setup</quote> folder.</para>
-
-		<para>Adding the <quote>NetBIOS over TCP/IP</quote> driver is not described 
-		in the manual and just barely in the online documentation. Start 
-		<command>MPTS.EXE</command>, click on <guiicon>OK</guiicon>, click on <guimenu>Configure LAPS</guimenu>, and click 
-		on <guimenu>IBM OS/2 NETBIOS OVER TCP/IP</guimenu> in  <guilabel>Protocols</guilabel>. This line 
-		is then moved to <guilabel>Current Configuration</guilabel>. Select that line, 
-		click on <guimenuitem>Change number</guimenuitem>, and increase it from 0 to 1. Save this
-		configuration.</para>
-
-		<para>If the Samba server is not on your local subnet, you 
-		can optionally add IP names and addresses of these servers 
-		to the <guimenu>Names List</guimenu> or specify a  WINS server (NetBIOS 
-		Nameserver in IBM and RFC terminology). For Warp Connect, you 
-		may need to download an update for <constant>IBM Peer</constant> to bring it on 
-		the same level as Warp 4. See the IBM OS/2 Warp Web page</para>
-	</sect2>
-	
-	<sect2>
-		<title>Configuring Other Versions of OS/2</title>
-	
-		<para>This sections deals with configuring OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x.</para>
-		
-		<para>You can use the free Microsoft LAN Manager 2.2c Client for OS/2 that is
-		available from 
-		<ulink noescape="1" url="ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/">
-		ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/</ulink>. In a nutshell, edit
-	the file <filename>\OS2VER</filename> in the root directory of the OS/2 boot partition and add the lines:</para>
-		
-		<para><programlisting>
-		20=setup.exe
-		20=netwksta.sys
-		20=netvdd.sys
-		</programlisting></para>
-		
-		<para>before you install the client. Also, do not use the included NE2000 driver because it is buggy.
-		Try the NE2000 or NS2000 driver from <ulink noescape="1" url="ftp://ftp.cdrom.com/pub/os2/network/ndis/">
- 		ftp://ftp.cdrom.com/pub/os2/network/ndis/</ulink> instead.
-		</para>
-	</sect2>
-	
-	<sect2>
-		<title>Printer Driver Download for OS/2 Clients</title>
-
-		<para>Create a share called <smbconfsection name="[PRINTDRV]"/> that is 
-		world-readable. Copy your OS/2 driver files there. The <filename>.EA_</filename>
-		files must still be separate, so you will need to use the original install files
-		and not copy an installed driver from an OS/2 system.</para>
-		
-		<para>Install the NT driver first for that printer. Then, add to your &smb.conf; a parameter,
-		<smbconfoption name="os2 driver map"><replaceable>filename</replaceable></smbconfoption>. 
-		Next, in the file specified by <replaceable>filename</replaceable>, map the 
-		name of the NT driver name to the OS/2 driver name as follows:</para>
-		
-		<para><parameter><replaceable>nt driver name</replaceable> = <replaceable>os2 driver name</replaceable>.<replaceable>device name</replaceable></parameter>, e.g.,</para>
-
-		<para><parameter>
-		HP LaserJet 5L = LASERJET.HP LaserJet 5L</parameter></para>
-
-		<para>You can have multiple drivers mapped in this file.</para>
-	
-		<para>If you only specify the OS/2 driver name, and not the 
-		device name, the first attempt to download the driver will 
-		actually download the files, but the OS/2 client will tell 
-		you the driver is not available. On the second attempt, it 
-		will work. This is fixed simply by adding the device name
-  		 to the mapping, after which it will work on the first attempt.
-		</para>
-	</sect2>
-</sect1>
-
-<sect1>
-<title>Windows for Workgroups</title>
-
-<sect2>
-<title>Latest TCP/IP Stack from Microsoft</title>
-
-<para>Use the latest TCP/IP stack from Microsoft if you use Windows
-for Workgroups. The early TCP/IP stacks had lots of bugs.</para>
-
-<para> 
-Microsoft has released an incremental upgrade to its TCP/IP 32-bit VxD drivers. The latest release can be
-found at ftp.microsoft.com, located in <filename>/Softlib/MSLFILES/TCP32B.EXE</filename>.  There is an
-update.txt file there that describes the problems that were fixed. New files include
-<filename>WINSOCK.DLL</filename>, <filename>TELNET.EXE</filename>, <filename>WSOCK.386</filename>,
-<filename>VNBT.386</filename>, <filename>WSTCP.386</filename>, <filename>TRACERT.EXE</filename>,
-<filename>NETSTAT.EXE</filename>, and <filename>NBTSTAT.EXE</filename>.
-</para>
-
-<para>
-More information about this patch is available in <ulink
-url="http://support.microsoft.com/kb/q99891/">Knowledge Base article 99891</ulink>.
-</para>
-
-</sect2>
-
-<sect2>
-<title>Delete .pwl Files After Password Change</title>
-
-<para>
-Windows for Workgroups does a lousy job with passwords. When you change passwords on either
-the UNIX box or the PC, the safest thing to do is delete the .pwl files in the Windows
-directory. The PC will complain about not finding the files, but will soon get over it,
-allowing you to enter the new password.
-</para>
-
-<para> 
-If you do not do this, you may find that Windows for Workgroups remembers and uses the old
-password, even if you told it a new one.
-</para>
-
-<para> 
-Often Windows for Workgroups will totally ignore a password you give it in a dialog box.
-</para>
-
-</sect2>
-
-<sect2>
-<title>Configuring Windows for Workgroups Password Handling</title>
-
-<para>
-<indexterm><primary>admincfg.exe</primary></indexterm>
-There is a program call <filename>admincfg.exe</filename> on the last disk (disk 8) of the WFW 3.11 disk set.
-To install it, type <userinput>EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE</userinput>.  Then add an icon
-for it via the <application>Program Manager</application> <guimenu>New</guimenu> menu.  This program allows
-you to control how WFW handles passwords, Disable Password Caching and so on, for use with <smbconfoption
-name="security">user</smbconfoption>.
-</para>
-
-</sect2>
-
-<sect2>
-<title>Password Case Sensitivity</title>
-
-<para>Windows for Workgroups uppercases the password before sending it to the server.
-UNIX passwords can be case-sensitive though. Check the &smb.conf; information on
-<smbconfoption name="password level"/> to specify what characters
-Samba should try to uppercase when checking.</para>
-
-</sect2>
-
-<sect2>
-<title>Use TCP/IP as Default Protocol</title>
-
-<para>To support print queue reporting, you may find
-that you have to use TCP/IP as the default protocol under
-Windows for Workgroups. For some reason, if you leave NetBEUI as the default,
-it may break the print queue reporting on some systems.
-It is presumably a Windows for Workgroups bug.</para>
-
-</sect2>
-
-<sect2 id="speedimpr">
-<title>Speed Improvement</title>
-
-<para>
-Note that some people have found that setting <parameter>DefaultRcvWindow</parameter> in
-the <smbconfsection name="[MSTCP]"/> section of the 
-<filename>SYSTEM.INI</filename> file under Windows for Workgroups to 3072 gives a
-big improvement.
-</para>
-
-<para>
-My own experience with DefaultRcvWindow is that I get a much better
-performance with a large value (16384 or larger). Other people have
-reported that anything over 3072 slows things down enormously. One
-person even reported a speed drop of a factor of 30 when he went from
-3072 to 8192.
-</para>
-</sect2>
-</sect1>
-
-<sect1>
-<title>Windows 95/98</title>
-
-<para>
-When using Windows 95 OEM SR2, the following updates are recommended where Samba
-is being used. Please note that the changes documented in 
-<link linkend="speedimpr">Speed Improvement</link> will affect you once these
-updates  have been installed.
-</para>
-
-<para> 
-There are more updates than the ones mentioned here. Refer to the
-Microsoft Web site for all currently available updates to your specific version
-of Windows 95.
-</para>
-
-<simplelist>
-<member>Kernel Update: KRNLUPD.EXE</member>
-<member>Ping Fix: PINGUPD.EXE</member>
-<member>RPC Update: RPCRTUPD.EXE</member>
-<member>TCP/IP Update: VIPUPD.EXE</member>
-<member>Redirector Update: VRDRUPD.EXE</member>
-</simplelist>
-
-<para>
-Also, if using <application>MS Outlook,</application> it is desirable to 
-install the <command>OLEUPD.EXE</command> fix. This
-fix may stop your machine from hanging for an extended period when exiting
-Outlook, and you may notice a significant speedup when accessing network
-neighborhood services.
-</para>
-
-<sect2>
-<title>Speed Improvement</title>
-
-<para>
-Configure the Windows 95 TCP/IP registry settings to give better
-performance. I use a program called <command>MTUSPEED.exe</command> that I got off the
-Internet. There are various other utilities of this type freely available.
-</para>
-
-</sect2>
-
-</sect1>
-
-<sect1>
-<title>Windows 2000 Service Pack 2</title>
-
-<para> 
-There are several annoyances with Windows 2000 SP2, one of which
-only appears when using a Samba server to host user profiles
-to Windows 2000 SP2 clients in a Windows domain. This assumes
-that Samba is a member of the domain, but the problem will
-most likely occur if it is not.
-</para>
-
-<para> 
-In order to serve profiles successfully to Windows 2000 SP2 
-clients (when not operating as a PDC), Samba must have 
-<smbconfoption name="nt acl support">no</smbconfoption>
-added to the file share that houses the roaming profiles.
-If this is not done, then the Windows 2000 SP2 client will
-complain about not being able to access the profile (Access 
-Denied) and create multiple copies of it on disk (DOMAIN.user.001,
-DOMAIN.user.002, and so on). See the &smb.conf; man page
-for more details on this option. Also note that the 
-<smbconfoption name="nt acl support"/> parameter was formally a global parameter in
-releases prior to Samba 2.2.2.
-</para>
-
-<para> 
-<link linkend="minimalprofile">Following example</link> provides a minimal profile share.
-</para>
-
-<example id="minimalprofile">
-<title>Minimal Profile Share</title>
-<smbconfblock>
-<smbconfsection name="[profile]"/>
-<smbconfoption name="path">/export/profile</smbconfoption>
-<smbconfoption name="create mask">0600</smbconfoption>
-<smbconfoption name="directory mask">0700</smbconfoption>
-<smbconfoption name="nt acl support">no</smbconfoption>
-<smbconfoption name="read only">no</smbconfoption>
-</smbconfblock>
-</example>
-
-<para>
-The reason for this bug is that the Windows 200x SP2 client copies
-the security descriptor for the profile that contains
-the Samba server's SID, and not the domain SID. The client
-compares the SID for SAMBA\user and realizes it is
-different from the one assigned to DOMAIN\user; hence,
-<errorname>access denied</errorname> message.
-</para>
-
-<para>
-When the <smbconfoption name="nt acl support"/> parameter is disabled, Samba will send
-the Windows 200x client a response to the QuerySecurityDescriptor trans2 call, which causes the client
-to set a default ACL for the profile. This default ACL includes:
-</para>
-
-<para><emphasis>DOMAIN\user 	<quote>Full Control</quote></emphasis>></para>
-
-<note><para>This bug does not occur when using Winbind to
-create accounts on the Samba host for Domain users.</para></note>
-
-</sect1>
-
-<sect1>
-<title>Windows NT 3.1</title>
-
-<para>If you have problems communicating across routers with Windows 
-NT 3.1 workstations, read <ulink url="http://support.microsoft.com/default.aspx?scid=kb;Q103765">this Microsoft Knowledge Base article:</ulink>.
-
-</para>
-
-</sect1>
-
-</chapter>
diff --git a/docs-xml/Samba3-HOWTO/index.xml b/docs-xml/Samba3-HOWTO/index.xml
index fcf53db..b2af47a 100644
--- a/docs-xml/Samba3-HOWTO/index.xml
+++ b/docs-xml/Samba3-HOWTO/index.xml
@@ -202,8 +202,6 @@ The chapters in this part each cover specific Samba features.
 	<?latex \cleardoublepage ?>
 	<xi:include href="TOSHARG-Compiling.xml"/>
 	<?latex \cleardoublepage ?>
-	<xi:include href="TOSHARG-Other-Clients.xml"/>
-	<?latex \cleardoublepage ?>
 	<xi:include href="TOSHARG-Speed.xml"/>
 	<?latex \cleardoublepage ?>
 	<xi:include href="TOSHARG-SecureLDAP.xml"/>
-- 
1.7.9.5


From 8a8b7793cf797b4fbb0af5a58b0538bd91bc3594 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 17 Sep 2012 11:54:25 -0700
Subject: [PATCH 17/50] docs: Remove references to sysv-style CUPS from
 TOSHARG-CUPS-printing

This also simplifies the cups config by not duplicating the printcap name parameter
that is already set by default when printing=cups is set.

Andrew Bartlett
---
 docs-xml/Samba3-HOWTO/TOSHARG-CUPS-printing.xml |   75 +++--------------------
 1 file changed, 8 insertions(+), 67 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-CUPS-printing.xml b/docs-xml/Samba3-HOWTO/TOSHARG-CUPS-printing.xml
index d0258fb..807334e 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-CUPS-printing.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-CUPS-printing.xml
@@ -98,9 +98,7 @@
 <indexterm><primary>/etc/printcap</primary></indexterm>
 <indexterm><primary>Printcap</primary></indexterm>
 <indexterm><primary>PrintcapFormat</primary></indexterm>
-Printing with CUPS in the most basic &smb.conf; setup in Samba-3.0 (as was true for 2.2.x) requires just two
-parameters: <smbconfoption name="printing">cups</smbconfoption> and <smbconfoption
-name="printcap">cups</smbconfoption>. CUPS does not need a printcap file.  However, the
+Printing with CUPS in the most basic &smb.conf; setup in Samba requires just this parameter: <smbconfoption name="printing">cups</smbconfoption>. CUPS does not need a printcap file.  However, the
 <filename>cupsd.conf</filename> configuration file knows of two related directives that control how such a
 file will be automatically created and maintained by CUPS for the convenience of third-party applications
 (example: <parameter>Printcap /etc/printcap</parameter> and <parameter>PrintcapFormat BSD</parameter>).
@@ -116,52 +114,13 @@ url="http://localhost:631/documentation.html">CUPS</ulink> web site.
 
 	<para>
 <indexterm><primary>libcups.so</primary></indexterm>
-	Samba has a special relationship to CUPS. Samba can be compiled with CUPS library support.
+	Samba has a special relationship to CUPS, and to use CUPS Samba must be compiled with CUPS library support.
 	Most recent installations have this support enabled. By default, CUPS linking is compiled
-	into smbd and other Samba binaries. Of course, you can use CUPS even
-	if Samba is not linked against <filename>libcups.so</filename> &smbmdash; but
-	there are some differences in required or supported configuration.
+	into smbd and other Samba binaries.  The parameter
+	<smbconfoption name="printing">cups</smbconfoption> will only
+	be accepted if this is the case.
 	</para>
 
-	<para>
-<indexterm><primary>libcups</primary></indexterm>
-<indexterm><primary>ldd</primary></indexterm>
-	When Samba is compiled and linked with <filename>libcups</filename>, <smbconfoption name="printcap">cups</smbconfoption>
-	uses the CUPS API to list printers, submit jobs, query queues, and so on. Otherwise it maps to the System V
-	commands with an additional <command>-oraw</command> option for printing. On a Linux
-	system, you can use the <command>ldd</command> utility to find out if smbd has been linked with the
-	libcups library (<command>ldd</command> may not be present on other OS platforms, or its function may be embodied
-	by a different command):
-<screen>
-&rootprompt;<userinput>ldd `which smbd`</userinput>
-libssl.so.0.9.6 =&gt; /usr/lib/libssl.so.0.9.6 (0x4002d000)
-libcrypto.so.0.9.6 =&gt; /usr/lib/libcrypto.so.0.9.6 (0x4005a000)
-libcups.so.2 =&gt; /usr/lib/libcups.so.2 (0x40123000)
-[....]
-</screen>
-	</para>
-
-	<para>
-<indexterm><primary>libcups.so.2</primary></indexterm>
-	The line <computeroutput>libcups.so.2 =&gt; /usr/lib/libcups.so.2 (0x40123000)</computeroutput> shows
-	there is CUPS support compiled into this version of Samba. If this is the case, and printing = cups
-	is set, then <emphasis>any otherwise manually set print command in &smb.conf; is ignored</emphasis>.
-	This is an important point to remember!
-	</para>
-
-	<tip><para> Should it be necessary, for any reason, to set your own print commands, you can do this by setting
-	<smbconfoption name="printing">sysv</smbconfoption>. However, you will lose all the benefits
-	of tight CUPS-Samba integration. When you do this, you must manually configure the printing system commands
-	(most important: 
-	<smbconfoption name="print command"/>; other commands are
-	<smbconfoption name="lppause command"/>,
-	<smbconfoption name="lpresume command"/>,
-	<smbconfoption name="lpq command"/>,
-	<smbconfoption name="lprm command"/>,
-	<smbconfoption name="queuepause command"/> and
-	<smbconfoption name="queue resume command"/>).
-	</para></tip>
-
 	</sect2>
 
 	<sect2>
@@ -179,7 +138,6 @@ libcups.so.2 =&gt; /usr/lib/libcups.so.2 (0x40123000)
 	<smbconfsection name="[global]"/>
 	<smbconfoption name="load printers">yes</smbconfoption>
 	<smbconfoption name="printing">cups</smbconfoption>
-	<smbconfoption name="printcap name">cups</smbconfoption>
 
 	<smbconfsection name="[printers]"/>
 	<smbconfoption name="comment">All Printers</smbconfoption>
@@ -222,7 +180,6 @@ libcups.so.2 =&gt; /usr/lib/libcups.so.2 (0x40123000)
 	<smbconfblock>
 	<smbconfsection name="[global]"/>
 	<smbconfoption name="printing">cups</smbconfoption>
-	<smbconfoption name="printcap name">cups</smbconfoption>
 	<smbconfoption name="load printers">yes</smbconfoption>
 
 	<smbconfsection name="[printers]"/>
@@ -2198,18 +2155,14 @@ file <parameter>[global]</parameter> section:
 
 <smbconfblock>
 <smbconfoption name="printing">cups</smbconfoption>
-<smbconfoption name="printcap">cups</smbconfoption>
 </smbconfblock>
 
 <para>
 When these parameters are specified, all manually set print directives (like <smbconfoption name="print
 command"/> or <smbconfoption name="lppause command"/>) in &smb.conf; (as well as in Samba itself) will be
-ignored. Instead, Samba will directly interface with CUPS through its application program interface (API), as
-long as Samba has been compiled with CUPS library (libcups) support. If Samba has not been compiled with CUPS
-support, and if no other print commands are set up, then printing will use the <emphasis>System V</emphasis>
-AT&amp;T command set, with the -oraw option automatically passing through (if you want your own defined print
-commands to work with a Samba server that has CUPS support compiled in, simply use <smbconfoption
-name="classicalprinting">sysv</smbconfoption>). This is illustrated in <link linkend="f13small">the Printing via
+ignored. Instead, Samba will directly interface with CUPS through its
+application program interface (API). 
+This is illustrated in <link linkend="f13small">the Printing via
 CUPS/Samba Server diagram</link>.
 </para>
 
@@ -4732,8 +4685,6 @@ For everything to work as it should, you need to have three things:
 	<listitem><para>A Samba-&smb.conf; setting of
 			<smbconfoption name="printing">cups</smbconfoption>.</para></listitem>
 
-	<listitem><para>Another Samba &smb.conf; setting of
-			<smbconfoption name="printcap">cups</smbconfoption>.</para></listitem>
 </itemizedlist>
 
 <note><para>
@@ -4747,16 +4698,6 @@ influence whatsoever on your printing.
 </para></note>
 </sect2>
 
-<sect2>
-<title>Manual Configuration</title>
-
-<para>
-If you want to do things manually, replace the <smbconfoption name="printing">cups</smbconfoption>
-by <smbconfoption name="printing">bsd</smbconfoption>. Then your manually set commands may work
-(I haven't tested this), and a <smbconfoption name="print command">lp -d %P %s; rm %s</smbconfoption>
-may do what you need.
-</para>
-</sect2>
 </sect1>
 
 <sect1>
-- 
1.7.9.5


From c64244237f49ab5fc3db0accdaab58f3ca58e8dd Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 17 Sep 2012 11:55:12 -0700
Subject: [PATCH 18/50] docs: Remove references to mulitple passdb backends

These are long-gone and confusing.

Andrew Bartlett
---
 docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml |   29 -----------------------------
 1 file changed, 29 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
index c1738e3..54e0041 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
@@ -20,16 +20,6 @@
 <title>Account Information Databases</title>
 
 <para>
-<indexterm><primary>account backends</primary></indexterm>
-<indexterm><primary>password backends</primary></indexterm>
-<indexterm><primary>scalability</primary></indexterm>
-<indexterm><primary>ADS</primary></indexterm>
-Early releases of Samba-3 implemented new capability to work concurrently with multiple account backends. This
-capability was removed beginning with release of Samba 3.0.23. Commencing with Samba 3.0.23 it is possible to
-work with only one specified passwd backend.
-</para>
-
-<para>
 <indexterm><primary>passdb backend</primary></indexterm>
 <indexterm><primary>smbpasswd</primary></indexterm>
 <indexterm><primary>tdbsam</primary></indexterm>
@@ -1654,25 +1644,6 @@ regarding this facility.
 <sect1>
 <title>Password Backends</title>
 
-<para>
-<indexterm><primary>account database</primary></indexterm>
-<indexterm><primary>SMB/CIFS server</primary></indexterm>
-Samba offers flexibility in backend account database design. The flexibility is immediately obvious as one
-begins to explore this capability. Recent changes to Samba (since 3.0.23) have removed the mulitple backend
-feature in order to simplify problems that broke some installations. This removal has made the internal
-operation of Samba-3 more consistent and predictable.
-</para>
-
-<para>
-<indexterm><primary>multiple backends</primary></indexterm>
-<indexterm><primary>tdbsam databases</primary></indexterm>
-Beginning with Samba 3.0.23 it is no longer possible to specify use of mulitple passdb backends. Earlier
-versions of Samba-3 made it possible to specify multiple password backends, and even multiple
-backends of the same type. The multiple passdb backend capability caused many problems with name to SID and
-SID to name ID resolution.  The Samba team wrestled with the challenges and decided that this feature needed
-to be removed.
-</para>
-
 	<sect2>
 	<title>Plaintext</title>
 
-- 
1.7.9.5


From 9a1f91ab04f1049b0a7f5f9d5ed72d81114254d5 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 17 Sep 2012 11:56:08 -0700
Subject: [PATCH 19/50] docs: Remove references to specific windows versions,
 instead mention Home/Professional/Server

The flavours of windows seem to last longer than the individual products.

Andrew Bartlett
---
 docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml |    9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
index 54e0041..5d4b108 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
@@ -314,10 +314,10 @@ Samba-3 introduces a number of new password backend capabilities.
 
 		<note>
 		<para>
-<indexterm><primary>Windows XP Home</primary></indexterm>
+<indexterm><primary>Windows Home edition</primary></indexterm>
 <indexterm><primary>domain member</primary></indexterm>
 <indexterm><primary>domain logons</primary></indexterm>
- 		MS Windows XP Home does not have facilities to become a domain member, and it cannot participate in domain logons.
+ 		MS Windows Home editions do not have facilities to become a domain member, and cannot participate in domain logons.
 		</para>
 		</note>
 
@@ -328,9 +328,8 @@ Samba-3 introduces a number of new password backend capabilities.
 		<itemizedlist>
 			<listitem><para>Windows NT 3.5x.</para></listitem>
 			<listitem><para>Windows NT 4.0.</para></listitem>
-			<listitem><para>Windows 2000 Professional.</para></listitem>
-			<listitem><para>Windows 200x Server/Advanced Server.</para></listitem>
-			<listitem><para>Windows XP Professional.</para></listitem>
+			<listitem><para>Windows editions labeled Professional.</para></listitem>
+			<listitem><para>Windows editions laveled Server/Advanced Server.</para></listitem>
 		</itemizedlist>
 
 		<para>
-- 
1.7.9.5


From dc5eb755d0ebf518c154f28c2dbbc4c67a32d2cd Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 17 Sep 2012 11:56:28 -0700
Subject: [PATCH 20/50] docs: Remove another reference to security=share

---
 docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
index 5d4b108..ac9bebc 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
@@ -385,7 +385,7 @@ Samba-3 introduces a number of new password backend capabilities.
 <indexterm><primary>password prompt</primary></indexterm>
 <indexterm><primary>SMB encryption</primary></indexterm>
 				Windows NT does not like talking to a server that does not support encrypted passwords. It will refuse to
-				browse the server if the server is also in user-level security mode. It will insist on prompting the user for
+				browse the server. It will insist on prompting the user for
 				the password on each connection, which is very annoying. The only thing you can do to stop this is to use SMB
 				encryption.
 				</para></listitem>
-- 
1.7.9.5


From e8300d8e63fc444fb9bdaf3770f567ff35447550 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 23 Sep 2012 03:09:32 +1000
Subject: [PATCH 21/50] docs: Update TOSHARG-Install

- winbindd runs as many processes now
- open_oplock_ipc errors do not happen any more, we do not use UDP messaging any more.

Andrew Bartlett
---
 docs-xml/Samba3-HOWTO/TOSHARG-Install.xml |   20 ++------------------
 1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml
index 673ba93..88e0ed8 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml
@@ -657,24 +657,8 @@ The following questions and issues are raised repeatedly on the Samba mailing li
 	</para>
 
 	<para>
-	&winbindd; will run as one or two daemons, depending on whether or not it is being
-	run in <emphasis>split mode</emphasis> (in which case there will be two instances).
-	</para>
-
-	</sect2>
-
-	<sect2>
-		<title>Error Message: open_oplock_ipc</title>
-
-	<para>
-	An error message is observed in the log files when &smbd; is started: <quote>open_oplock_ipc: Failed to
-	get local UDP socket for address 100007f. Error was Cannot assign requested.</quote>
-	</para>
-
-	<para>
-	Your loopback device isn't working correctly. Make sure it is configured correctly. The loopback
-	device is an internal (virtual) network device with the IP address <emphasis>127.0.0.1</emphasis>.
-	Read your OS documentation for details on how to configure the loopback on your system.
+	&winbindd; will run as many processes depending in part on how many
+	domains it needs to contact.
 	</para>
 
 	</sect2>
-- 
1.7.9.5


From 99589476a09aa5f1ca89339e48f8cd19a464239a Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 25 Sep 2012 11:04:14 +1000
Subject: [PATCH 22/50] docs: Fix typo in TOSHARG-Passdb

---
 docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
index ac9bebc..427313a 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
@@ -329,7 +329,7 @@ Samba-3 introduces a number of new password backend capabilities.
 			<listitem><para>Windows NT 3.5x.</para></listitem>
 			<listitem><para>Windows NT 4.0.</para></listitem>
 			<listitem><para>Windows editions labeled Professional.</para></listitem>
-			<listitem><para>Windows editions laveled Server/Advanced Server.</para></listitem>
+			<listitem><para>Windows editions labeled Server/Advanced Server.</para></listitem>
 		</itemizedlist>
 
 		<para>
-- 
1.7.9.5


From d488b44fc90f2c4f45868fbb6fe6da10d6812b14 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 25 Sep 2012 11:05:01 +1000
Subject: [PATCH 23/50] docs: Remove mention of auth methods in TOSHARG-Passdb

This is not connected to the passdb system, and we should not encourage setting of auth methods
in any case.

Andrew Bartlett
---
 docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml |   12 ------------
 1 file changed, 12 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
index 427313a..456c7ce 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml
@@ -2605,18 +2605,6 @@ sambaNTPassword: 878D8014606CDA29677A44EFA1353FC7
 		Read the <link linkend="acctmgmttools">Account Management Tools</link> for details.</para>
 
 	</sect2>
-
-	<sect2>
-	<title>Configuration of <parameter>auth methods</parameter></title>
-
-	<para>
-	When explicitly setting an <smbconfoption name="auth methods"/> parameter,
-	<parameter>guest</parameter> must be specified as the first entry on the line &smbmdash;
-	for example, <smbconfoption name="auth methods">guest sam</smbconfoption>.
-	</para>
-
-	</sect2>
-
 </sect1>
 
 </chapter>
-- 
1.7.9.5


From ca7b843b9ec5902b2e2fe52ebb74725d0565540b Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 25 Sep 2012 11:05:37 +1000
Subject: [PATCH 24/50] docs: Change TOSHARG-VFS to avoid suggesting VFS
 modules are Linux/IRIX only

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep 25 08:27:15 CEST 2012 on sn-devel-104
---
 docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
index 933efb5..84ee82d 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
@@ -34,8 +34,7 @@ modules that come with the Samba source and provides references to some external
 <indexterm><primary>IRIX</primary></indexterm>
 <indexterm><primary>GNU/Linux</primary></indexterm>
 If not supplied with your platform distribution binary Samba package, you may have problems compiling these
-modules, as shared libraries are compiled and linked in different ways on different systems. They currently
-have been tested against GNU/Linux and IRIX.
+modules, as shared libraries are compiled and linked in different ways on different systems.
 </para>
 
 <para>
-- 
1.7.9.5


From bfe6bdd8d2b5f6d3d4e7070086e65c13e8733eac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= <bb@sernet.de>
Date: Tue, 2 Oct 2012 11:37:11 +0200
Subject: [PATCH 25/50] s3-docs: add delete_lost option to vfs_streams_depot.8

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct  3 18:10:14 CEST 2012 on sn-devel-104
---
 docs-xml/manpages/vfs_streams_depot.8.xml |   19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/docs-xml/manpages/vfs_streams_depot.8.xml b/docs-xml/manpages/vfs_streams_depot.8.xml
index 78b5fd3..639428b 100644
--- a/docs-xml/manpages/vfs_streams_depot.8.xml
+++ b/docs-xml/manpages/vfs_streams_depot.8.xml
@@ -52,6 +52,25 @@
 		</listitem>
 		</varlistentry>
 
+		<varlistentry>
+		<term>streams_depot:delete_lost = [ yes | no ]</term>
+		<listitem>
+		<para>In the case of an already existing data streams directory
+		for a newly created file the streams directory will be renamed
+		to "lost-%lu", random(). With this option lost stream directories
+		will be removed	instead of renamed.</para>
+		<itemizedlist>
+		<listitem><para>
+		<command>no(default)</command> - rename lost streams to
+		"lost-%lu", random().
+		</para></listitem>
+		<listitem><para>
+		<command>yes</command> - remove lost streams.
+		</para></listitem>
+		</itemizedlist>
+		</listitem>
+		</varlistentry>
+
 	</variablelist>
 </refsect1>
 
-- 
1.7.9.5


From 48d1653f9a2cdb0252b873abb1873475de57d174 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 01:31:37 +0200
Subject: [PATCH 26/50] undocumented: Drop extension from helper scripts.

---
 docs-xml/Makefile                         |    6 +--
 docs-xml/scripts/find_missing_doc         |   62 +++++++++++++++++++++++++++++
 docs-xml/scripts/find_missing_doc.pl      |   62 -----------------------------
 docs-xml/scripts/find_missing_manpages    |   39 ++++++++++++++++++
 docs-xml/scripts/find_missing_manpages.pl |   39 ------------------
 5 files changed, 104 insertions(+), 104 deletions(-)
 create mode 100755 docs-xml/scripts/find_missing_doc
 delete mode 100755 docs-xml/scripts/find_missing_doc.pl
 create mode 100755 docs-xml/scripts/find_missing_manpages
 delete mode 100755 docs-xml/scripts/find_missing_manpages.pl

diff --git a/docs-xml/Makefile b/docs-xml/Makefile
index 0feab24..0b4e880 100644
--- a/docs-xml/Makefile
+++ b/docs-xml/Makefile
@@ -260,9 +260,9 @@ $(PEARSONDIR)/%.report.html: $(PEARSONDIR)/%.xml
 	cd $(<D) && $(XMLLINT) --xinclude --noent --postvalid --noout $(<F)
 
 # Find undocumented parameters
-undocumented: $(SMBDOTCONFDOC)/parameters.all.xml scripts/find_missing_doc.pl scripts/find_missing_manpages.pl
-	$(PERL) scripts/find_missing_doc.pl $(SRCDIR)
-	$(PERL) scripts/find_missing_manpages.pl $(SRCDIR)/source3
+undocumented: $(SMBDOTCONFDOC)/parameters.all.xml scripts/find_missing_doc scripts/find_missing_manpages
+	$(PERL) scripts/find_missing_doc $(SRCDIR)
+	$(PERL) scripts/find_missing_manpages $(SRCDIR)/source3
 
 samples: $(DOCBOOKDIR)/Samba3-HOWTO.xml xslt/extract-examples.xsl scripts/indent-smb.conf.pl
 	@mkdir -p examples
diff --git a/docs-xml/scripts/find_missing_doc b/docs-xml/scripts/find_missing_doc
new file mode 100755
index 0000000..6ce547b
--- /dev/null
+++ b/docs-xml/scripts/find_missing_doc
@@ -0,0 +1,62 @@
+#!/usr/bin/perl
+
+my %doc;
+
+$topdir = (shift @ARGV) or $topdir = ".";
+
+##################################################
+# Reading links from manpage
+
+$curdir = $ENV{PWD};
+
+chdir("smbdotconf");
+
+open(IN,"xsltproc --xinclude --param smb.context ALL generate-context.xsl parameters.all.xml|");
+
+while(<IN>) {
+	if( /<samba:parameter .*?name="([^"]*?)"/g ){
+		my $name = $1;
+	    $name =~ s/ //g;
+		$doc{$name} = "NOTFOUND";
+	}
+}
+
+close(IN);
+
+chdir($curdir);
+
+#################################################
+# Reading entries from source code
+
+
+open(SOURCE,"$topdir/lib/param/param_table.c") or die("Can't open $topdir/lib/param/param_table.c: $!");
+
+while ($ln = <SOURCE>) {
+  last if $ln =~ m/^static\ struct\ parm_struct\ parm_table.*/;
+} #burn through the preceding lines
+
+while ($ln = <SOURCE>) {
+  last if $ln =~ m/^\s*\}\;\s*$/;
+  #pull in the param names only
+  next if $ln =~ m/.*P_SEPARATOR.*/;
+  next unless $ln =~ /\s*\.label\s*=\s*\"(.*)\".*/;
+
+  my $name = $1;
+  $name =~ s/ //g;
+
+  if($doc{lc($name)}) {
+	$doc{lc($name)} = "FOUND";
+  } else {
+	print "'$name' is not documented\n";
+  }
+}
+close SOURCE;
+
+##################################################
+# Trying to find missing references
+
+foreach (keys %doc) {
+	if($doc{$_} cmp "FOUND") {
+		print "'$_' is documented but is not a configuration option\n";
+	}
+}
diff --git a/docs-xml/scripts/find_missing_doc.pl b/docs-xml/scripts/find_missing_doc.pl
deleted file mode 100755
index 6ce547b..0000000
--- a/docs-xml/scripts/find_missing_doc.pl
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/usr/bin/perl
-
-my %doc;
-
-$topdir = (shift @ARGV) or $topdir = ".";
-
-##################################################
-# Reading links from manpage
-
-$curdir = $ENV{PWD};
-
-chdir("smbdotconf");
-
-open(IN,"xsltproc --xinclude --param smb.context ALL generate-context.xsl parameters.all.xml|");
-
-while(<IN>) {
-	if( /<samba:parameter .*?name="([^"]*?)"/g ){
-		my $name = $1;
-	    $name =~ s/ //g;
-		$doc{$name} = "NOTFOUND";
-	}
-}
-
-close(IN);
-
-chdir($curdir);
-
-#################################################
-# Reading entries from source code
-
-
-open(SOURCE,"$topdir/lib/param/param_table.c") or die("Can't open $topdir/lib/param/param_table.c: $!");
-
-while ($ln = <SOURCE>) {
-  last if $ln =~ m/^static\ struct\ parm_struct\ parm_table.*/;
-} #burn through the preceding lines
-
-while ($ln = <SOURCE>) {
-  last if $ln =~ m/^\s*\}\;\s*$/;
-  #pull in the param names only
-  next if $ln =~ m/.*P_SEPARATOR.*/;
-  next unless $ln =~ /\s*\.label\s*=\s*\"(.*)\".*/;
-
-  my $name = $1;
-  $name =~ s/ //g;
-
-  if($doc{lc($name)}) {
-	$doc{lc($name)} = "FOUND";
-  } else {
-	print "'$name' is not documented\n";
-  }
-}
-close SOURCE;
-
-##################################################
-# Trying to find missing references
-
-foreach (keys %doc) {
-	if($doc{$_} cmp "FOUND") {
-		print "'$_' is documented but is not a configuration option\n";
-	}
-}
diff --git a/docs-xml/scripts/find_missing_manpages b/docs-xml/scripts/find_missing_manpages
new file mode 100755
index 0000000..cd8ed87
--- /dev/null
+++ b/docs-xml/scripts/find_missing_manpages
@@ -0,0 +1,39 @@
+#!/usr/bin/perl
+
+my %doc;
+
+$invar = 0;
+
+$topdir = (shift @ARGV) or $topdir = ".";
+
+$progs = "";
+
+open(IN, "$topdir/Makefile.in");
+while(<IN>) {
+	if($invar && /^([ \t]*)(.*?)([\\])$/) {
+		$progs.=" " . $2;
+		if($4) { $invar = 1; } else { $invar = 0; }
+	} elsif(/^([^ ]*)_PROGS([0-9]*) = (.*?)([\\])$/) {
+		$progs.=" " . $3;
+		if($4) { $invar = 1; }
+	} else { $invar = 0; }
+}
+
+$progs =~ s/@([^@]+)@//g;
+
+foreach(split(/bin\//, $progs)) {
+	next if($_ eq " ");
+	s/ //g;
+
+	$f = $_;
+	
+	$found = 0;
+
+	for($i = 0; $i < 9; $i++) {
+		if(-e "manpages/$f.$i.xml") { $found = 1; }
+	}
+
+	if(!$found) {
+		print "'$f' does not have a manpage\n";
+	}
+}
diff --git a/docs-xml/scripts/find_missing_manpages.pl b/docs-xml/scripts/find_missing_manpages.pl
deleted file mode 100755
index cd8ed87..0000000
--- a/docs-xml/scripts/find_missing_manpages.pl
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/usr/bin/perl
-
-my %doc;
-
-$invar = 0;
-
-$topdir = (shift @ARGV) or $topdir = ".";
-
-$progs = "";
-
-open(IN, "$topdir/Makefile.in");
-while(<IN>) {
-	if($invar && /^([ \t]*)(.*?)([\\])$/) {
-		$progs.=" " . $2;
-		if($4) { $invar = 1; } else { $invar = 0; }
-	} elsif(/^([^ ]*)_PROGS([0-9]*) = (.*?)([\\])$/) {
-		$progs.=" " . $3;
-		if($4) { $invar = 1; }
-	} else { $invar = 0; }
-}
-
-$progs =~ s/@([^@]+)@//g;
-
-foreach(split(/bin\//, $progs)) {
-	next if($_ eq " ");
-	s/ //g;
-
-	$f = $_;
-	
-	$found = 0;
-
-	for($i = 0; $i < 9; $i++) {
-		if(-e "manpages/$f.$i.xml") { $found = 1; }
-	}
-
-	if(!$found) {
-		print "'$f' does not have a manpage\n";
-	}
-}
-- 
1.7.9.5


From 7ce6ea22d6dc0e1411a887df0d48d1e434977f8e Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 01:31:26 +0200
Subject: [PATCH 27/50] smb.conf.5: Document 'cldap port'.

---
 docs-xml/smbdotconf/protocol/cldapport.xml |   13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 docs-xml/smbdotconf/protocol/cldapport.xml

diff --git a/docs-xml/smbdotconf/protocol/cldapport.xml b/docs-xml/smbdotconf/protocol/cldapport.xml
new file mode 100644
index 0000000..c5f7606
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/cldapport.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="cldap port"
+                 context="G"
+				 type="integer"
+                 advanced="1" developer="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>This option controls the port used by the CLDAP protocol.
+</para>
+</description>
+
+<value type="default">389</value>
+<value type="example">3389</value>
+</samba:parameter>
-- 
1.7.9.5


From b6dfe5f5436f498945533b8a9bf842030552ab2c Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 01:28:17 +0200
Subject: [PATCH 28/50] Remove unused neatquotes script.

---
 docs-xml/scripts/neatquotes.pl |   12 ------------
 1 file changed, 12 deletions(-)
 delete mode 100755 docs-xml/scripts/neatquotes.pl

diff --git a/docs-xml/scripts/neatquotes.pl b/docs-xml/scripts/neatquotes.pl
deleted file mode 100755
index 9d5aa6e..0000000
--- a/docs-xml/scripts/neatquotes.pl
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/perl
-
-my $inprog = 0;
-
-while(<STDIN>) {
-	if(/<(programlisting|screen)>/) { $inprog = 1; }
-	if(/<\/(programlisting|screen)>/) { $inprog = 0; }
-	if(not /="(.*)"/ and not $inprog) {
-		s/"(.*?)"/<quote>\1<\/quote>/g;
-	}
-	print $_;
-}
-- 
1.7.9.5


From ab86fbb4602508c8ef2cbba7a5d53dc1dd24a503 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 02:59:35 +0200
Subject: [PATCH 29/50] smb.conf(5): Remove documentation for removed 'lock
 spin count' parameter.

Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Wed Sep 26 09:41:09 CEST 2012 on sn-devel-104
---
 docs-xml/smbdotconf/locking/lockspincount.xml |   12 ------------
 1 file changed, 12 deletions(-)
 delete mode 100644 docs-xml/smbdotconf/locking/lockspincount.xml

diff --git a/docs-xml/smbdotconf/locking/lockspincount.xml b/docs-xml/smbdotconf/locking/lockspincount.xml
deleted file mode 100644
index da2582d..0000000
--- a/docs-xml/smbdotconf/locking/lockspincount.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<samba:parameter name="lock spin count"
-                 context="G"
-				 type="integer"
-                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<description>
-	<para>This parameter has been made inoperative in Samba 3.0.24.
-	The functionality it controlled is now controlled by the parameter
-	<smbconfoption name="lock spin time"/>.
-	</para>
-</description>
-<value type="default">0</value>
-</samba:parameter>
-- 
1.7.9.5


From 91843a390c1b8f8b604624397fc3a12f1a205985 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 01:24:04 +0200
Subject: [PATCH 30/50] find_missing_manpages: Ignore make variables.

---
 docs-xml/scripts/find_missing_manpages |    1 +
 1 file changed, 1 insertion(+)

diff --git a/docs-xml/scripts/find_missing_manpages b/docs-xml/scripts/find_missing_manpages
index cd8ed87..12cbc28 100755
--- a/docs-xml/scripts/find_missing_manpages
+++ b/docs-xml/scripts/find_missing_manpages
@@ -20,6 +20,7 @@ while(<IN>) {
 }
 
 $progs =~ s/@([^@]+)@//g;
+$progs =~ s/\$\(.*?\)//g;
 
 foreach(split(/bin\//, $progs)) {
 	next if($_ eq " ");
-- 
1.7.9.5


From 945afc967398c51f114a090cb4b438db392d6a90 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 02:05:39 +0200
Subject: [PATCH 31/50] find_missing_manpages: convert to python

---
 docs-xml/scripts/find_missing_manpages |   74 +++++++++++++++++++-------------
 1 file changed, 44 insertions(+), 30 deletions(-)

diff --git a/docs-xml/scripts/find_missing_manpages b/docs-xml/scripts/find_missing_manpages
index 12cbc28..a0a19af 100755
--- a/docs-xml/scripts/find_missing_manpages
+++ b/docs-xml/scripts/find_missing_manpages
@@ -1,40 +1,54 @@
-#!/usr/bin/perl
+#!/usr/bin/python
 
-my %doc;
+import optparse
+import os
+import re
 
-$invar = 0;
+parser = optparse.OptionParser("source_dir")
 
-$topdir = (shift @ARGV) or $topdir = ".";
+(opts, args) = parser.parse_args()
 
-$progs = "";
+invar = 0
 
-open(IN, "$topdir/Makefile.in");
-while(<IN>) {
-	if($invar && /^([ \t]*)(.*?)([\\])$/) {
-		$progs.=" " . $2;
-		if($4) { $invar = 1; } else { $invar = 0; }
-	} elsif(/^([^ ]*)_PROGS([0-9]*) = (.*?)([\\])$/) {
-		$progs.=" " . $3;
-		if($4) { $invar = 1; }
-	} else { $invar = 0; }
-}
+if len(args) == 1:
+    topdir = args[0]
+else:
+    topdir = "."
 
-$progs =~ s/@([^@]+)@//g;
-$progs =~ s/\$\(.*?\)//g;
+progs = []
 
-foreach(split(/bin\//, $progs)) {
-	next if($_ eq " ");
-	s/ //g;
+f = open(os.path.join(topdir, "Makefile.in"), "r")
 
-	$f = $_;
-	
-	$found = 0;
+for l in f.readlines():
+    l = l.strip()
+    if invar:
+        invar = (l[-1] == "\\")
+        progs.extend(l.rstrip("\\").split(" "))
+    else:
+        m = re.match("^([^ ]*)_PROGS([0-9]*) = (.*?)([\\\\])$", l)
+        if m:
+            progs.extend(m.group(3).split(" "))
+            invar = (m.group(4) == "\\")
+        else:
+            invar = False
 
-	for($i = 0; $i < 9; $i++) {
-		if(-e "manpages/$f.$i.xml") { $found = 1; }
-	}
+#$progs =~ s/@([^@]+)@//g;
+#$progs =~ s/\$\(.*?\)//g;
 
-	if(!$found) {
-		print "'$f' does not have a manpage\n";
-	}
-}
+for prog in progs:
+    prog = prog.strip()
+    if prog == "":
+        continue
+    if prog[0] in ("@", "$"):
+        continue
+    prog = prog[len("bin/"):]
+
+    found = False
+
+    for i in range(9):
+        p = "manpages/%s.%d.xml" % (prog, i)
+        if os.path.exists(p):
+            found = True
+
+    if not found:
+        print "'%s' does not have a manpage" % prog
-- 
1.7.9.5


From 45b47ea42f8a6ae3c22aac4169b6803d199ef4a7 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 02:37:01 +0200
Subject: [PATCH 32/50] find_missing_doc: Convert to python.

---
 docs-xml/scripts/find_missing_doc      |  119 +++++++++++++++++++-------------
 docs-xml/scripts/find_missing_manpages |   43 ++++++++----
 2 files changed, 100 insertions(+), 62 deletions(-)

diff --git a/docs-xml/scripts/find_missing_doc b/docs-xml/scripts/find_missing_doc
index 6ce547b..d75ef8d 100755
--- a/docs-xml/scripts/find_missing_doc
+++ b/docs-xml/scripts/find_missing_doc
@@ -1,62 +1,83 @@
-#!/usr/bin/perl
+#!/usr/bin/python
 
-my %doc;
+# Copyright (C) 2007,2012 Jelmer Vernooij <jelmer@samba.org>
 
-$topdir = (shift @ARGV) or $topdir = ".";
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
 
-##################################################
-# Reading links from manpage
-
-$curdir = $ENV{PWD};
-
-chdir("smbdotconf");
+import optparse
+import os
+import re
 
-open(IN,"xsltproc --xinclude --param smb.context ALL generate-context.xsl parameters.all.xml|");
+parser = optparse.OptionParser("source_dir")
 
-while(<IN>) {
-	if( /<samba:parameter .*?name="([^"]*?)"/g ){
-		my $name = $1;
-	    $name =~ s/ //g;
-		$doc{$name} = "NOTFOUND";
-	}
-}
+(opts, args) = parser.parse_args()
 
-close(IN);
+if len(args) == 1:
+    topdir = args[0]
+else:
+    topdir = "."
 
-chdir($curdir);
-
-#################################################
-# Reading entries from source code
-
-
-open(SOURCE,"$topdir/lib/param/param_table.c") or die("Can't open $topdir/lib/param/param_table.c: $!");
+# Reading links from manpage
 
-while ($ln = <SOURCE>) {
-  last if $ln =~ m/^static\ struct\ parm_struct\ parm_table.*/;
-} #burn through the preceding lines
+curdir = os.getcwd()
+doc = {}
 
-while ($ln = <SOURCE>) {
-  last if $ln =~ m/^\s*\}\;\s*$/;
-  #pull in the param names only
-  next if $ln =~ m/.*P_SEPARATOR.*/;
-  next unless $ln =~ /\s*\.label\s*=\s*\"(.*)\".*/;
+os.chdir("smbdotconf");
 
-  my $name = $1;
-  $name =~ s/ //g;
+f = os.popen("xsltproc --xinclude --param smb.context ALL generate-context.xsl parameters.all.xml", "r")
+try:
+    for l in f.readlines():
+        m = re.match('<samba:parameter .*?name="([^"]*?)"', l)
+        if m:
+            name = m.group(1).replace(" ", "")
+            doc[name] = False
+finally:
+    f.close()
 
-  if($doc{lc($name)}) {
-	$doc{lc($name)} = "FOUND";
-  } else {
-	print "'$name' is not documented\n";
-  }
-}
-close SOURCE;
+os.chdir(curdir)
 
-##################################################
-# Trying to find missing references
+# Reading entries from source code
 
-foreach (keys %doc) {
-	if($doc{$_} cmp "FOUND") {
-		print "'$_' is documented but is not a configuration option\n";
-	}
-}
+f = open(os.path.join(topdir, "lib/param/param_table.c"), "r")
+
+# burn through the preceding lines
+while True:
+    l = f.readline()
+    if l.startswith("static struct parm_struct parm_table"):
+        break
+
+for l in f.readlines():
+    if re.match("^\s*\}\;\s*$", l):
+        break
+    # pull in the param names only
+    if re.match(".*P_SEPARATOR.*", l):
+        continue
+    m = re.match("\s*\.label\s*=\s*\"(.*)\".*", l)
+    if not m:
+        continue
+
+    name = m.group(1)
+    name = name.replace(" ", "")
+
+    if name.lower() in doc:
+        doc[name.lower()] = True
+    else:
+      print "'%s' is not documented" % name
+f.close()
+
+# Try to find missing references
+for key in doc.keys():
+     if doc[key] == "FOUND":
+         print "'$_' is documented but is not a configuration option"
diff --git a/docs-xml/scripts/find_missing_manpages b/docs-xml/scripts/find_missing_manpages
index a0a19af..baa5809 100755
--- a/docs-xml/scripts/find_missing_manpages
+++ b/docs-xml/scripts/find_missing_manpages
@@ -1,4 +1,19 @@
 #!/usr/bin/python
+# Copyright (C) 2007,2012 Jelmer Vernooij <jelmer@samba.org>
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
 
 import optparse
 import os
@@ -8,7 +23,7 @@ parser = optparse.OptionParser("source_dir")
 
 (opts, args) = parser.parse_args()
 
-invar = 0
+invar = False
 
 if len(args) == 1:
     topdir = args[0]
@@ -18,19 +33,21 @@ else:
 progs = []
 
 f = open(os.path.join(topdir, "Makefile.in"), "r")
-
-for l in f.readlines():
-    l = l.strip()
-    if invar:
-        invar = (l[-1] == "\\")
-        progs.extend(l.rstrip("\\").split(" "))
-    else:
-        m = re.match("^([^ ]*)_PROGS([0-9]*) = (.*?)([\\\\])$", l)
-        if m:
-            progs.extend(m.group(3).split(" "))
-            invar = (m.group(4) == "\\")
+try:
+    for l in f.readlines():
+        l = l.strip()
+        if invar:
+            invar = (l[-1] == "\\")
+            progs.extend(l.rstrip("\\").split(" "))
         else:
-            invar = False
+            m = re.match("^([^ ]*)_PROGS([0-9]*) = (.*?)([\\\\])$", l)
+            if m:
+                progs.extend(m.group(3).split(" "))
+                invar = (m.group(4) == "\\")
+            else:
+                invar = False
+finally:
+    f.close()
 
 #$progs =~ s/@([^@]+)@//g;
 #$progs =~ s/\$\(.*?\)//g;
-- 
1.7.9.5


From 0392d828d6c7c93096dc03d0828fa0e024d7abd2 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 18:36:28 +0200
Subject: [PATCH 33/50] smb.conf(5): Distinguish parametric options.

---
 docs-xml/smbdotconf/misc/rpcdaemon.xml |    2 +-
 docs-xml/smbdotconf/misc/rpcserver.xml |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs-xml/smbdotconf/misc/rpcdaemon.xml b/docs-xml/smbdotconf/misc/rpcdaemon.xml
index 4ba27fc..8db9267 100644
--- a/docs-xml/smbdotconf/misc/rpcdaemon.xml
+++ b/docs-xml/smbdotconf/misc/rpcdaemon.xml
@@ -1,4 +1,4 @@
-<samba:parameter name="rpc_daemon"
+<samba:parameter name="rpc_daemon:DAEMON"
                  context="G"
 		 type="string"
 		 advanced="1" print="1"
diff --git a/docs-xml/smbdotconf/misc/rpcserver.xml b/docs-xml/smbdotconf/misc/rpcserver.xml
index fcc63fe..4372eea 100644
--- a/docs-xml/smbdotconf/misc/rpcserver.xml
+++ b/docs-xml/smbdotconf/misc/rpcserver.xml
@@ -1,4 +1,4 @@
-<samba:parameter name="rpc_server"
+<samba:parameter name="rpc_server:SERVER"
                  context="G"
 		 type="string"
 		 advanced="1" print="1"
-- 
1.7.9.5


From 4f141be8a1120d5412d0c628ecab2d3906407766 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 12:41:20 -0700
Subject: [PATCH 34/50] smb.conf(5): 'write ok' is a reverse synonym for 'read
 only'.

---
 docs-xml/smbdotconf/security/readonly.xml |    1 +
 1 file changed, 1 insertion(+)

diff --git a/docs-xml/smbdotconf/security/readonly.xml b/docs-xml/smbdotconf/security/readonly.xml
index 6e1f6dd..612bf0d 100644
--- a/docs-xml/smbdotconf/security/readonly.xml
+++ b/docs-xml/smbdotconf/security/readonly.xml
@@ -3,6 +3,7 @@
 				 type="boolean"
                  basic="1" advanced="1"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<synonym>write ok</synonym>
 <description>
     <para>An inverted synonym is <smbconfoption name="writeable"/>.</para>
 
-- 
1.7.9.5


From bfb2d302395108b990a45a4032fb7c28522f0739 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 12:46:37 -0700
Subject: [PATCH 35/50] smb.conf(5): Add basic documentation for 'krb5 port'.

---
 docs-xml/smbdotconf/security/krb5port.xml |   11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 docs-xml/smbdotconf/security/krb5port.xml

diff --git a/docs-xml/smbdotconf/security/krb5port.xml b/docs-xml/smbdotconf/security/krb5port.xml
new file mode 100644
index 0000000..e4887fc
--- /dev/null
+++ b/docs-xml/smbdotconf/security/krb5port.xml
@@ -0,0 +1,11 @@
+<samba:parameter name="krb5 port"
+                 context="G"
+				 type="list"
+                 advanced="1" developer="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>Specifies which port the KDC should listen on for Kerberos traffic.</para>
+</description>
+
+<value type="default">88</value>
+</samba:parameter>
-- 
1.7.9.5


From 6c936a7589992a1a2a4002a5b081e760aa98e059 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 12:50:34 -0700
Subject: [PATCH 36/50] smb.conf(5): Add basic documentation for 'nbt port'.

---
 docs-xml/smbdotconf/protocol/nbtport.xml |   12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 docs-xml/smbdotconf/protocol/nbtport.xml

diff --git a/docs-xml/smbdotconf/protocol/nbtport.xml b/docs-xml/smbdotconf/protocol/nbtport.xml
new file mode 100644
index 0000000..d269189
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/nbtport.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="nbt port"
+                 context="G"
+				 type="list"
+                 advanced="1" developer="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>Specifies which port the server should use for NetBIOS over IP name
+		services traffic.</para>
+</description>
+
+<value type="default">137</value>
+</samba:parameter>
-- 
1.7.9.5


From 60b8df6547256c8e9f22ce9229b98489faf2a3e3 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 12:51:41 -0700
Subject: [PATCH 37/50] smb.conf(5): Add basic documentation for 'web port'.

---
 docs-xml/smbdotconf/protocol/webport.xml |   12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 docs-xml/smbdotconf/protocol/webport.xml

diff --git a/docs-xml/smbdotconf/protocol/webport.xml b/docs-xml/smbdotconf/protocol/webport.xml
new file mode 100644
index 0000000..1b1073c
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/webport.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="web port"
+                 context="G"
+				 type="list"
+                 advanced="1" developer="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>Specifies which port the Samba web server should listen on.</para>
+</description>
+
+<value type="default">901</value>
+<value type="example">80</value>
+</samba:parameter>
-- 
1.7.9.5


From 6dedd30b6f301f3f37cab6e627d0357968426015 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 12:55:15 -0700
Subject: [PATCH 38/50] smb.conf(5): Add basic documentation for 'unicode'.

---
 docs-xml/smbdotconf/protocol/unicode.xml |   13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 docs-xml/smbdotconf/protocol/unicode.xml

diff --git a/docs-xml/smbdotconf/protocol/unicode.xml b/docs-xml/smbdotconf/protocol/unicode.xml
new file mode 100644
index 0000000..22ffc4b
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/unicode.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="unicode"
+                 context="G"
+				 type="bool"
+                 advanced="1" developer="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>Specifies whether the server and client should support unicode.</para>
+
+	<para>If this option is set to false, the use of ASCII will be forced.</para>
+</description>
+
+<value type="default">True</value>
+</samba:parameter>
-- 
1.7.9.5


From 389685da537dc29730b3b8685d62e17f8006a09b Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 12:58:02 -0700
Subject: [PATCH 39/50] smb.conf(5): Add basic documentation for 'dgram port'.

---
 docs-xml/smbdotconf/protocol/dgramport.xml |   11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 docs-xml/smbdotconf/protocol/dgramport.xml

diff --git a/docs-xml/smbdotconf/protocol/dgramport.xml b/docs-xml/smbdotconf/protocol/dgramport.xml
new file mode 100644
index 0000000..ee10e9c
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/dgramport.xml
@@ -0,0 +1,11 @@
+<samba:parameter name="dgram port"
+                 context="G"
+				 type="integer"
+                 advanced="1" developer="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>Specifies which ports the server should listen on for NetBIOS datagram traffic.</para>
+</description>
+
+<value type="default">138</value>
+</samba:parameter>
-- 
1.7.9.5


From 0c169de3fa501b84c27faa5d6f60d17eabbe8f8f Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 12:59:32 -0700
Subject: [PATCH 40/50] smb.conf(5): Add basic documentation for 'kpasswd
 port'.

---
 docs-xml/smbdotconf/security/kpasswdport.xml |   12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 docs-xml/smbdotconf/security/kpasswdport.xml

diff --git a/docs-xml/smbdotconf/security/kpasswdport.xml b/docs-xml/smbdotconf/security/kpasswdport.xml
new file mode 100644
index 0000000..419e866
--- /dev/null
+++ b/docs-xml/smbdotconf/security/kpasswdport.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="kpasswd port"
+                 context="G"
+				 type="integer"
+                 advanced="1" developer="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>Specifies which ports the Kerberos server should listen on for
+		password changes.</para>
+</description>
+
+<value type="default">464</value>
+</samba:parameter>
-- 
1.7.9.5


From 969bfa25378969f9e9ea26d3987acb3f300ffa37 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 13:07:54 -0700
Subject: [PATCH 41/50] smb.conf(5): Add basic documentation for 'rpc
 bigendian'.

Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Wed Sep 26 23:51:34 CEST 2012 on sn-devel-104
---
 docs-xml/smbdotconf/protocol/rpcbigendian.xml |   16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 docs-xml/smbdotconf/protocol/rpcbigendian.xml

diff --git a/docs-xml/smbdotconf/protocol/rpcbigendian.xml b/docs-xml/smbdotconf/protocol/rpcbigendian.xml
new file mode 100644
index 0000000..ae12f71
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/rpcbigendian.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="rpc bigendian"
+                 context="G"
+				 type="bool"
+                 advanced="1" developer="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>Setting this option will force the RPC client and server to
+		transfer data in big endian.</para>
+
+	<para>If it is disabled, data will be transferred in little endian.</para>
+
+	<para>The behaviour is independent of the endianness of the host machine.</para>
+</description>
+
+<value type="default">False</value>
+</samba:parameter>
-- 
1.7.9.5


From 47cfe16fa1c501b6f787aa33ffbc175cf1cbb0e5 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 13:20:42 -0700
Subject: [PATCH 42/50] smb.conf(5): Consistent spelling of parameter names.

This includes spacing and casing.

Conflicts:
	source4/scripting/python/samba/tests/docs.py
---
 docs-xml/smbdotconf/misc/nishomedir.xml           |    2 +-
 docs-xml/smbdotconf/printing/addportcommand.xml   |    2 +-
 docs-xml/smbdotconf/protocol/rpcbigendian.xml     |    2 +-
 docs-xml/smbdotconf/security/clientntlmv2auth.xml |    2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs-xml/smbdotconf/misc/nishomedir.xml b/docs-xml/smbdotconf/misc/nishomedir.xml
index 45c4511..c617563 100644
--- a/docs-xml/smbdotconf/misc/nishomedir.xml
+++ b/docs-xml/smbdotconf/misc/nishomedir.xml
@@ -1,4 +1,4 @@
-<samba:parameter name="nis homedir"
+<samba:parameter name="NIS homedir"
 	         context="G"
 			 type="boolean"
 		 advanced="1" developer="1"
diff --git a/docs-xml/smbdotconf/printing/addportcommand.xml b/docs-xml/smbdotconf/printing/addportcommand.xml
index 17c899e..80e56c9 100644
--- a/docs-xml/smbdotconf/printing/addportcommand.xml
+++ b/docs-xml/smbdotconf/printing/addportcommand.xml
@@ -1,4 +1,4 @@
-<samba:parameter name="add port command"
+<samba:parameter name="addport command"
                  context="G"
 				 type="string"
 		 advanced="1" developer="1"
diff --git a/docs-xml/smbdotconf/protocol/rpcbigendian.xml b/docs-xml/smbdotconf/protocol/rpcbigendian.xml
index ae12f71..7d1d864 100644
--- a/docs-xml/smbdotconf/protocol/rpcbigendian.xml
+++ b/docs-xml/smbdotconf/protocol/rpcbigendian.xml
@@ -1,4 +1,4 @@
-<samba:parameter name="rpc bigendian"
+<samba:parameter name="rpc big endian"
                  context="G"
 				 type="bool"
                  advanced="1" developer="1"
diff --git a/docs-xml/smbdotconf/security/clientntlmv2auth.xml b/docs-xml/smbdotconf/security/clientntlmv2auth.xml
index b151df2..7f30356 100644
--- a/docs-xml/smbdotconf/security/clientntlmv2auth.xml
+++ b/docs-xml/smbdotconf/security/clientntlmv2auth.xml
@@ -1,4 +1,4 @@
-<samba:parameter name="client ntlmv2 auth"
+<samba:parameter name="client NTLMv2 auth"
                  context="G"
 				 type="boolean"
                  advanced="1" developer="1"
-- 
1.7.9.5


From e9551e40cd66325e5aec8ffbe449b56694f77e90 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 16:02:40 -0700
Subject: [PATCH 43/50] smb.conf(5): Extend 'server min protocol' description.

Conflicts:
	docs-xml/smbdotconf/protocol/serverminprotocol.xml
---
 docs-xml/smbdotconf/protocol/serverminprotocol.xml |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs-xml/smbdotconf/protocol/serverminprotocol.xml b/docs-xml/smbdotconf/protocol/serverminprotocol.xml
index 40566ce..58323b5 100644
--- a/docs-xml/smbdotconf/protocol/serverminprotocol.xml
+++ b/docs-xml/smbdotconf/protocol/serverminprotocol.xml
@@ -1,7 +1,7 @@
 <samba:parameter name="server min protocol"
                  context="G"
-				 type="string"
-                 developer="1"
+                 type="enum"
+				 developer="1"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <synonym>min protocol</synonym>
 <description>
@@ -10,6 +10,6 @@
 
 <related>server max protocol</related>
 
-<value type="default">LANMAN1</value>
+<value type="default">CORE</value>
 <value type="example">NT1</value>
 </samba:parameter>
-- 
1.7.9.5


From 5719f2fbdd1347aeabdb95b83553505e08b979e4 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 15:44:46 -0700
Subject: [PATCH 44/50] smb.conf(5): Document 'share backend' parameter.

---
 docs-xml/smbdotconf/base/sharebackend.xml |   18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 docs-xml/smbdotconf/base/sharebackend.xml

diff --git a/docs-xml/smbdotconf/base/sharebackend.xml b/docs-xml/smbdotconf/base/sharebackend.xml
new file mode 100644
index 0000000..10958fa
--- /dev/null
+++ b/docs-xml/smbdotconf/base/sharebackend.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="share backend"
+                 context="G"
+                 type="choice"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>
+	This option specifies the backend that will be used to access the configuration of
+	file shares.
+	</para>
+
+	<para>Traditionally, Samba file shares have been configured in the
+		<option>smb.conf</option> file and this is still the default.
+	</para>
+
+	<para>At the moment there are no other supported backends.</para>
+</description>
+<value type="default">classic</value>
+</samba:parameter>
-- 
1.7.9.5


From bedfa8b4d94a017da06cdf97c951f62fe14e4cc6 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 16:12:16 -0700
Subject: [PATCH 45/50] smb.conf(5): Add basic documentation for 'client min
 protocol'.

---
 docs-xml/smbdotconf/protocol/clientminprotocol.xml |   19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 docs-xml/smbdotconf/protocol/clientminprotocol.xml

diff --git a/docs-xml/smbdotconf/protocol/clientminprotocol.xml b/docs-xml/smbdotconf/protocol/clientminprotocol.xml
new file mode 100644
index 0000000..3bcccec
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/clientminprotocol.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="client min protocol"
+                 context="G"
+                 type="enum"
+				 developer="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>This setting controls the minimum protocol version that the client
+		will attempt to use.</para>
+
+    <para>Normally this option should not be set as the automatic 
+    negotiation phase in the SMB protocol takes care of choosing 
+    the appropriate protocol.</para>
+</description>
+
+<related>client max protocol</related>
+<related>server min protocol</related>
+<value type="default">CORE</value>
+<value type="example">NT1</value>
+</samba:parameter>
-- 
1.7.9.5


From 7833153330a8fa5d1407536568346e603d299158 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 16:11:05 -0700
Subject: [PATCH 46/50] smb.conf(5): Add documentation for 'client max
 protocol'.

---
 docs-xml/smbdotconf/protocol/clientmaxprotocol.xml |   78 ++++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 docs-xml/smbdotconf/protocol/clientmaxprotocol.xml

diff --git a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
new file mode 100644
index 0000000..06fda5a
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
@@ -0,0 +1,78 @@
+<samba:parameter name="client max protocol"
+		 context="G"
+		 type="enum"
+		 developer="1"
+		 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>The value of the parameter (a string) is the highest 
+    protocol level that will be supported by the client.</para>
+
+    <para>Possible values are :</para>
+    <itemizedlist>
+	<listitem>
+	    <para><constant>CORE</constant>: Earliest version. No 
+	    concept of user names.</para>
+	</listitem>
+			
+	<listitem>
+	    <para><constant>COREPLUS</constant>: Slight improvements on 
+	    CORE for efficiency.</para>
+	</listitem>
+
+	<listitem>
+	    <para><constant>LANMAN1</constant>: First <emphasis>modern</emphasis>
+	    version of the protocol. Long filename support.</para>
+	</listitem>
+
+	<listitem>
+	    <para><constant>LANMAN2</constant>: Updates to Lanman1 protocol.</para>
+	</listitem>
+
+	<listitem>
+	    <para><constant>NT1</constant>: Current up to date version of the protocol. 
+	    Used by Windows NT. Known as CIFS.</para>
+	</listitem>
+
+	<listitem>
+	    <para><constant>SMB2</constant>: Re-implementation of the SMB protocol.
+	    Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available.</para>
+	    <itemizedlist>
+		<listitem>
+		    <para><constant>SMB2_02</constant>: The earliest SMB2 version.</para>
+		</listitem>
+		<listitem>
+		    <para><constant>SMB2_10</constant>: Windows 7 SMB2 version.</para>
+		</listitem>
+		<listitem>
+		    <para><constant>SMB2_22</constant>: Early Windows 8 SMB2 version.</para>
+		</listitem>
+		<listitem>
+		    <para><constant>SMB2_24</constant>: Windows 8 beta SMB2 version.</para>
+		</listitem>
+	    </itemizedlist>
+	    <para>By default SMB2 selects the SMB2_10 variant.</para>
+	</listitem>
+
+	<listitem>
+	    <para><constant>SMB3</constant>: The same as SMB2.
+	    Used by Windows 8. SMB3 has sub protocols available.</para>
+	    <itemizedlist>
+		<listitem>
+		    <para><constant>SMB3_00</constant>: Windows 8 SMB3 version. (mostly the same as SMB2_24)</para>
+		</listitem>
+	    </itemizedlist>
+	    <para>By default SMB3 selects the SMB3_00 variant.</para>
+	</listitem>
+    </itemizedlist>
+
+    <para>Normally this option should not be set as the automatic 
+    negotiation phase in the SMB protocol takes care of choosing 
+    the appropriate protocol.</para>
+</description>
+
+<related>server max protocol</related>
+<related>client mn protocol</related>
+
+<value type="default">SMB3</value>
+<value type="example">LANMAN1</value>
+</samba:parameter>
-- 
1.7.9.5


From c3bbd347e30b00334e24a3f7f4d361834a008b74 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 16:06:14 -0700
Subject: [PATCH 47/50] smb.conf(5): List 'protocol' as alias for 'server max
 protocol'.

---
 docs-xml/smbdotconf/protocol/servermaxprotocol.xml |    1 +
 1 file changed, 1 insertion(+)

diff --git a/docs-xml/smbdotconf/protocol/servermaxprotocol.xml b/docs-xml/smbdotconf/protocol/servermaxprotocol.xml
index 57e82d1..94184c8 100644
--- a/docs-xml/smbdotconf/protocol/servermaxprotocol.xml
+++ b/docs-xml/smbdotconf/protocol/servermaxprotocol.xml
@@ -72,6 +72,7 @@
 
 <related>server min protocol</related>
 <synonym>max protocol</synonym>
+<synonym>protocol</synonym>
 
 <value type="default">SMB3</value>
 <value type="example">LANMAN1</value>
-- 
1.7.9.5


From 639fc6efbac5dea9d47e3b78d159bbda00b17e58 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Wed, 26 Sep 2012 18:01:35 -0700
Subject: [PATCH 48/50] smb.conf(5): Add basic documentation for 'dcerpc
 endpoint servers'.

---
 .../smbdotconf/protocol/dcerpcendpointservers.xml  |   12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml

diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
new file mode 100644
index 0000000..b6d5ddc
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="dcerpc endpoint servers"
+                 context="G"
+				 type="list"
+                 advanced="1" developer="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>Specifies which DCE/RPC endpoint servers should be run.</para>
+</description>
+
+<value type="example">epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey</value>
+<value type="default">rpcecho</value>
+</samba:parameter>
-- 
1.7.9.5


From 8ed410ba35a1c1d788c75ff48ff4afaf0be0fe37 Mon Sep 17 00:00:00 2001
From: Karolin Seeger <kseeger@samba.org>
Date: Mon, 8 Oct 2012 11:57:40 +0200
Subject: [PATCH 49/50] docs: Add man 8 samba-tool.

Addresses bug #8802 - Create missing manpages for new binaries.

Please note that it's a very basic version. Please feel free
to extend.

Karolin
---
 docs-xml/manpages/samba-tool.8.xml |  613 ++++++++++++++++++++++++++++++++++++
 1 file changed, 613 insertions(+)
 create mode 100644 docs-xml/manpages/samba-tool.8.xml

diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml
new file mode 100644
index 0000000..c312ff0
--- /dev/null
+++ b/docs-xml/manpages/samba-tool.8.xml
@@ -0,0 +1,613 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="samba-tool.8">
+
+<refmeta>
+	<refentrytitle>samba-tool</refentrytitle>
+	<manvolnum>8</manvolnum>
+	<refmiscinfo class="source">Samba</refmiscinfo>
+	<refmiscinfo class="manual">System Administration tools</refmiscinfo>
+	<refmiscinfo class="version">4.0</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+	<refname>samba-tool</refname>
+	<refpurpose>Main Samba administration tool.
+	</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>samba-tool</command>
+		<arg choice="opt">-h</arg>
+		<arg choice="opt">-W myworkgroup</arg>
+		<arg choice="opt">-U user</arg>
+		<arg choice="opt">-d debuglevel</arg>
+		<arg choice="opt">--v</arg>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+	<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+	<manvolnum>7</manvolnum></citerefentry> suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+
+	<varlistentry>
+	<term>-h|--help</term>
+	<listitem><para>
+	Show this help message and exit
+	</para></listitem>
+	</varlistentry>
+
+	<varlistentry>
+	<term>-s FILE|--configfile=FILE</term>
+	<listitem><para>
+	Configuration file
+	</para></listitem>
+	</varlistentry>
+
+	<varlistentry>
+	<term>-d DEBUGLEVEL|--debuglevel=DEBUGLEVEL</term>
+	<listitem><para>
+	Debug Level
+	</para></listitem>
+	</varlistentry>
+
+	<varlistentry>
+	<term>--option=OPTION</term>
+	<listitem><para>
+	Set smb.conf option from command line
+	</para></listitem>
+	</varlistentry>
+
+	<varlistentry>
+	<term>--realm=REALM</term>
+	<listitem><para>
+	Set the realm name
+	</para></listitem>
+	</varlistentry>
+
+	<varlistentry>
+	<term>--simple-bind-dn=DN</term>
+	<listitem><para>
+	DN to use for a simple bind
+	</para></listitem>
+	</varlistentry>
+
+	<varlistentry>
+	<term>--password=PASSWORD</term>
+	<listitem><para>
+	Password
+	</para></listitem>
+	</varlistentry>
+
+	<varlistentry>
+	<term>-U USERNAME|--username=USERNAME</term>
+	<listitem><para>
+	Username
+	</para></listitem>
+	</varlistentry>
+
+	<varlistentry>
+	<term>-W WORKGROUP|--workgroup=WORKGROUP</term>
+	<listitem><para>
+	Workgroup
+	</para></listitem>
+	</varlistentry>
+
+	<varlistentry>
+	<term>-N|--no-pass</term>
+	<listitem><para>
+	Don't ask for a password
+	</para></listitem>
+	</varlistentry>
+
+	<varlistentry>
+	<term>-k KERBEROS|--kerberos=KERBEROS</term>
+	<listitem><para>
+	Use Kerberos
+	</para></listitem>
+	</varlistentry>
+
+	<varlistentry>
+	<term>--ipaddress=IPADDRESS</term>
+	<listitem><para>
+	IP address of the server
+	</para></listitem>
+	</varlistentry>
+
+	<varlistentry>
+	<term>--version</term>
+	<listitem><para>
+	Display version number
+	</para></listitem>
+	</varlistentry>
+
+	</variablelist>
+</refsect1>
+
+<refsect1>
+<title>COMMANDS</title>
+
+<refsect2>
+	<title>dbcheck</title>
+	<para>Check the local AD database for errors.</para>
+</refsect2>
+
+<refsect2>
+	<title>delegation</title>
+	<para>Manage Delegations.</para>
+</refsect2>
+
+<refsect3>
+	<title>delegation add-service <replaceable>accountname</replaceable> <replaceable>principal</replaceable> [options]</title>
+	<para>Add a service principal as msDS-AllowedToDelegateTo.</para>
+</refsect3>
+
+<refsect3>
+	<title>delegation del-service <replaceable>accountname</replaceable> <replaceable>principal</replaceable> [options]</title>
+	<para>Delete a service principal as msDS-AllowedToDelegateTo.</para>
+</refsect3>
+
+<refsect3>
+	<title>delegation for-any-protocol <replaceable>accountname</replaceable> [(on|off)] [options]</title>
+	<para>Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy)
+	for an account.</para>
+</refsect3>
+
+<refsect3>
+	<title>delegation for-any-service <replaceable>accountname</replaceable> [(on|off)] [options]</title>
+	<para>Set/unset UF_TRUSTED_FOR_DELEGATION for an account.</para>
+</refsect3>
+
+<refsect3>
+	<title>delegation show <replaceable>accountname</replaceable> [options]	</title>
+	<para>Show the delegation setting of an account.</para>
+</refsect3>
+
+<refsect2>
+	<title>dns</title>
+	<para>Manage Domain Name Service (DNS).</para>
+</refsect2>
+
+<refsect3>
+	<title>dns add <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>data</replaceable></title>
+	<para>Add a DNS record.</para>
+</refsect3>
+
+<refsect3>
+	<title>dns delete <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>data</replaceable></title>
+	<para>Delete a DNS record.</para>
+</refsect3>
+
+<refsect3>
+	<title>dns query <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT|ALL</replaceable> [options] <replaceable>data</replaceable></title>
+	<para>Query a name.</para>
+</refsect3>
+
+<refsect3>
+	<title>dns roothints <replaceable>server</replaceable> [<replaceable>name</replaceable>] [options]</title>
+	<para>Query root hints.</para>
+</refsect3>
+
+<refsect3>
+	<title>dns serverinfo <replaceable>server</replaceable> [options]</title>
+	<para>Query server information.</para>
+</refsect3>
+
+<refsect3>
+	<title>dns update <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>olddata</replaceable> <replaceable>newdata</replaceable></title>
+	<para>Update a DNS record.</para>
+</refsect3>
+
+<refsect3>
+	<title>dns zonecreate <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title>
+	<para>Create a zone.</para>
+</refsect3>
+
+<refsect3>
+	<title>dns zonedelete <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title>
+	<para>Delete a zone.</para>
+</refsect3>
+
+<refsect3>
+	<title>dns zoneinfo <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title>
+	<para>Query zone information.</para>
+</refsect3>
+
+<refsect3>
+	<title>dns zonelist <replaceable>server</replaceable> [options]</title>
+	<para>List zones.</para>
+</refsect3>
+
+<refsect2>
+	<title>domain</title>
+	<para>Manage Domain.</para>
+</refsect2>
+
+<refsect3>
+	<title>domain classicupgrade [options] <replaceable>classic_smb_conf</replaceable></title>
+	<para>Upgrade from Samba classic (NT4-like) database to Samba AD DC
+	database.</para>
+</refsect3>
+
+<refsect3>
+	<title>domain dcpromo <replaceable>dnsdomain</replaceable> [DC|RODC] [options]</title>
+	<para>Promote an existing domain member or NT4 PDC to an AD DC.</para>
+</refsect3>
+
+<refsect3>
+	<title>domain demote</title>
+	<para>Demote ourselves from the role of domain controller.</para>
+</refsect3>
+
+<refsect3>
+	<title>domain exportkeytab <replaceable>keytab</replaceable> [options]</title>
+	<para>Dumps Kerberos keys of the domain into a keytab.</para>
+</refsect3>
+
+<refsect3>
+	<title>domain info <replaceable>ip_address</replaceable> [options]</title>
+	<para>Print basic info about a domain and the specified DC.
+</para>
+</refsect3>
+
+<refsect3>
+	<title>domain join <replaceable>dnsdomain</replaceable> [DC|RODC|MEMBER|SUBDOMAIN] [options]</title>
+	<para>Join a domain as either member or backup domain controller.</para>
+</refsect3>
+
+<refsect3>
+	<title>domain level <replaceable>show|raise</replaceable> <replaceable>options</replaceable> [options]</title>
+	<para>Show/raise domain and forest function levels.</para>
+</refsect3>
+
+<refsect3>
+	<title>domain passwordsettings <replaceable>show|set</replaceable> <replaceable>options</replaceable> [options]</title>
+	<para>Show/set password settings.</para>
+</refsect3>
+
+<refsect3>
+	<title>domain provision</title>
+	<para>Promote an existing domain member or NT4 PDC to an AD DC.</para>
+</refsect3>
+
+<refsect2>
+	<title>drs</title>
+	<para>Manage Directory Replication Services (DRS).</para>
+</refsect2>
+
+<refsect3>
+	<title>drs bind</title>
+	<para>Show DRS capabilities of a server.</para>
+</refsect3>
+
+<refsect3>
+	<title>drs kcc</title>
+	<para>Trigger knowledge consistency center run.</para>
+</refsect3>
+
+<refsect3>
+	<title>drs options</title>
+	<para>Query or change <replaceable>options</replaceable> for NTDS Settings
+	object of a domain controller.</para>
+</refsect3>
+
+<refsect3>
+	<title>drs replicate <replaceable>destination_DC</replaceable> <replaceable>source_DC</replaceable> <replaceable>NC</replaceable> [options]</title>
+	<para>Replicate a naming context between two DCs.</para>
+</refsect3>
+
+<refsect3>
+	<title>drs showrepl</title>
+	<para>Show replication status.</para>
+</refsect3>
+
+<refsect2>
+	<title>dsacl</title>
+	<para>Administer DS ACLs</para>
+</refsect2>
+
+<refsect3>
+	<title>dsacl set</title>
+	<para>Modify access list on a directory object.</para>
+</refsect3>
+
+<refsect2>
+	<title>fsmo</title>
+	<para>Manage Flexible Single Master Operations (FSMO).</para>
+</refsect2>
+
+<refsect3>
+	<title>fsmo seize [options]</title>
+	<para>Seize the role.</para>
+</refsect3>
+
+<refsect3>
+	<title>fsmo show</title>
+	<para>Show the roles.</para>
+</refsect3>
+
+<refsect3>
+	<title>fsmo transfer [options]</title>
+	<para>Transfer the role.</para>
+</refsect3>
+
+<refsect2>
+	<title>gpo</title>
+	<para>Manage Group Policy Objects (GPO).</para>
+</refsect2>
+
+<refsect3>
+	<title>gpo create <replaceable>displayname</replaceable> [options]</title>
+	<para>Create an empty GPO.</para>
+</refsect3>
+
+<refsect3>
+	<title>gpo del <replaceable>gpo</replaceable> [options]</title>
+	<para>Delete GPO.</para>
+</refsect3>
+
+<refsect3>
+	<title>gpo dellink <replaceable>container_dn</replaceable> <replaceable>gpo</replaceable> [options]</title>
+	<para>Delete GPO link from a container.</para>
+</refsect3>
+
+<refsect3>
+	<title>gpo fetch <replaceable>gpo</replaceable> [options]</title>
+	<para>Download a GPO.</para>
+</refsect3>
+
+<refsect3>
+	<title>gpo getinheritance <replaceable>container_dn</replaceable> [options]</title>
+	<para>Get inheritance flag for a container.</para>
+</refsect3>
+
+<refsect3>
+	<title>gpo getlink <replaceable>container_dn</replaceable> [options]</title>
+	<para>List GPO Links for a container.</para>
+</refsect3>
+
+<refsect3>
+	<title>gpo list <replaceable>username</replaceable> [options]</title>
+	<para>List GPOs for an account.</para>
+</refsect3>
+
+<refsect3>
+	<title>gpo listall</title>
+	<para>List all GPOs.</para>
+</refsect3>
+
+<refsect3>
+	<title>gpo listcontainers <replaceable>gpo</replaceable> [options]</title>
+	<para>List all linked containers for a GPO.</para>
+</refsect3>
+
+<refsect3>
+	<title>gpo setinheritance <replaceable>container_dn</replaceable> <replaceable>block|inherit</replaceable> [options]</title>
+	<para>Set inheritance flag on a container.</para>
+</refsect3>
+
+<refsect3>
+	<title>gpo setlink <replaceable>container_dn</replaceable> <replaceable>gpo</replaceable> [options]</title>
+	<para>Add or Update a GPO link to a container.</para>
+</refsect3>
+
+<refsect3>
+	<title>gpo show <replaceable>gpo</replaceable> [options]</title>
+	<para>Show information for a GPO.</para>
+</refsect3>
+
+<refsect2>
+	<title>group</title>
+	<para>Manage groups.</para>
+</refsect2>
+
+<refsect3>
+	<title>group add <replaceable>groupname</replaceable> [options]</title>
+	<para>Create a new AD group.</para>
+</refsect3>
+
+<refsect3>
+	<title>group addmembers <replaceable>groupname</replaceable> <replaceable>members</replaceable> [options]</title>
+	<para>Add members to an AD group.</para>
+</refsect3>
+
+<refsect3>
+	<title>group delete <replaceable>groupname</replaceable> [options]</title>
+	<para>Delete an AD group.</para>
+</refsect3>
+
+<refsect3>
+	<title>group list</title>
+	<para>List all groups.</para>
+</refsect3>
+
+<refsect3>
+	<title>group listmembers <replaceable>groupname</replaceable> [options]</title>
+	<para>List all members of the specified AD group.</para>
+</refsect3>
+
+<refsect3>
+	<title>group removemembers <replaceable>groupname</replaceable> <replaceable>members</replaceable> [options]</title>
+	<para>Remove members from the specified AD group.</para>
+</refsect3>
+
+<refsect2>
+	<title>ldapcmp <replaceable>URL1</replaceable> <replaceable>URL2</replaceable> <replaceable>domain|configuration|schema|dnsdomain|dnsforest</replaceable> [options] </title>
+	<para>Compare two LDAP databases.</para>
+</refsect2>
+
+<refsect2>
+	<title>ntacl</title>
+	<para>Manage NT ACLs.</para>
+</refsect2>
+
+<refsect3>
+	<title>ntacl get <replaceable>file</replaceable> [options]</title>
+	<para>Get ACLs on a file.</para>
+</refsect3>
+
+<refsect3>
+	<title>ntacl set <replaceable>acl</replaceable> <replaceable>file</replaceable> [options]</title>
+	<para>Set ACLs on a file.</para>
+</refsect3>
+
+<refsect3>
+	<title>ntacl sysvolcheck</title>
+	<para>Check sysvol ACLs match defaults (including correct ACLs on GPOs).</para>
+</refsect3>
+
+<refsect3>
+	<title>ntacl sysvolreset</title>
+	<para>Reset sysvol ACLs to defaults (including correct ACLs on GPOs).</para>
+</refsect3>
+
+<refsect2>
+	<title>rodc</title>
+	<para>Manage Read-Only Domain Controller (RODC).</para>
+</refsect2>
+
+<refsect3>
+	<title>rodc preload <replaceable>SID</replaceable>|<replaceable>DN</replaceable>|<replaceable>accountname</replaceable> [options]</title>
+	<para>Preload one account for an RODC.</para>
+</refsect3>
+
+<refsect2>
+	<title>sites</title>
+	<para>Manage sites.</para>
+</refsect2>
+
+<refsect3>
+	<title>sites create <replaceable>site</replaceable> [options]</title>
+	<para>Create a new site.</para>
+</refsect3>
+
+<refsect3>
+	<title>sites remove <replaceable>site</replaceable> [options]</title>
+	<para>Delete an esxisting site.</para>
+</refsect3>
+
+<refsect2>
+	<title>spn</title>
+	<para>Manage Service Principal Names (SPN).</para>
+</refsect2>
+
+<refsect3>
+	<title>spn add <replaceable>name</replaceable> <replaceable>user</replaceable> [options]</title>
+	<para>Create a new SPN.</para>
+</refsect3>
+
+<refsect3>
+	<title>spn delete <replaceable>name</replaceable> [<replaceable>user</replaceable>] [options]</title>
+	<para>Delete an existing SPN.</para>
+</refsect3>
+
+<refsect3>
+	<title>spn list <replaceable>user</replaceable> [options]</title>
+	<para>List SPNs of a given user.</para>
+</refsect3>
+
+<refsect2>
+	<title>testparm</title>
+	<para>Check the syntax of the configuration file.</para>
+</refsect2>
+
+<refsect2>
+	<title>time</title>
+	<para>Retrieve the time on a server.</para>
+</refsect2>
+
+<refsect2>
+	<title>user</title>
+	<para>Manage users.</para>
+</refsect2>
+
+<refsect3>
+	<title>user add <replaceable>username</replaceable> [<replaceable>password</replaceable>]</title>
+	<para>Create a new user. Please note that this subcommand is deprecated
+	and available for compatibility reasons only. Please use
+	<command>samba-tool user create</command> instead.</para>
+</refsect3>
+
+<refsect3>
+	<title>user create <replaceable>username</replaceable> [<replaceable>password</replaceable>]</title>
+	<para>Create a new user in the Active Directory Domain.</para>
+</refsect3>
+
+<refsect3>
+	<title>user delete <replaceable>username</replaceable> [options]</title>
+	<para>Delete an existing user account.</para>
+</refsect3>
+
+<refsect3>
+	<title>user disable <replaceable>username</replaceable></title>
+	<para>Disable an user account.</para>
+</refsect3>
+
+<refsect3>
+	<title>user enable <replaceable>username</replaceable></title>
+	<para>Enable an user account.</para>
+</refsect3>
+
+<refsect3>
+	<title>user list</title>
+	<para>List all users.</para>
+</refsect3>
+
+<refsect3>
+	<title>user password [options]</title>
+	<para>Change password for an user account (the one provided in
+	authentication).</para>
+</refsect3>
+
+<refsect3>
+	<title>user setexpiry <replaceable>username</replaceable> [options]</title>
+	<para>Set the expiration of an user account.</para>
+</refsect3>
+
+<refsect3>
+	<title>user setpassword <replaceable>username</replaceable> [options]</title>
+	<para>Sets or resets the password of an user account.</para>
+</refsect3>
+
+<refsect2>
+	<title>vampire [options] <replaceable>domain</replaceable></title>
+	<para>Join and synchronise a remote AD domain to the local server.
+	Please note that <command>samba-tool vampire</command> is deprecated,
+	please use <command>samba-tool domain join</command> instead.</para>
+</refsect2>
+
+<refsect2>
+<title>help</title>
+<para>Gives usage information.</para>
+</refsect2>
+
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is complete for version 4 of the Samba
+	suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+
+	<para>The original Samba software and related utilities
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar
+	to the way the Linux kernel is developed.</para>
+
+	<para>The samba-tool manpage was written by Karolin Seeger.</para>
+</refsect1>
+
+</refentry>
-- 
1.7.9.5


From 69b3f7ff85c781e92339fbb26bdaf09bde4b77a1 Mon Sep 17 00:00:00 2001
From: Karolin Seeger <kseeger@samba.org>
Date: Tue, 9 Oct 2012 11:56:19 +0200
Subject: [PATCH 50/50] docs: Add '-V' to the list of options.

Karolin

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Oct  9 18:53:12 CEST 2012 on sn-devel-104
(cherry picked from commit f88ab17993e22a9c368017d54da437c057e371ca)
---
 docs-xml/manpages/samba-tool.8.xml |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml
index c312ff0..a8f2afe 100644
--- a/docs-xml/manpages/samba-tool.8.xml
+++ b/docs-xml/manpages/samba-tool.8.xml
@@ -124,7 +124,7 @@
 	</varlistentry>
 
 	<varlistentry>
-	<term>--version</term>
+	<term>-V|--version</term>
 	<listitem><para>
 	Display version number
 	</para></listitem>
-- 
1.7.9.5